ID CVE-2015-5292
Summary Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.
References
Vulnerable Configurations
  • cpe:2.3:a:fedoraproject:sssd:1.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.11.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.11.5:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.11.6:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.11.7:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.12.5:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.13.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 07-12-2016 - 18:16)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: SINGLE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:C
redhat via4
advisories
  • bugzilla
    id 1268783
    title Memory leak / possible DoS with krb auth. [rhel 6.7.z]
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment libipa_hbac is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019001
          • comment libipa_hbac is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375002
        • AND
          • comment libipa_hbac-devel is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019003
          • comment libipa_hbac-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375004
        • AND
          • comment libipa_hbac-python is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019005
          • comment libipa_hbac-python is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375006
        • AND
          • comment libsss_idmap is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019007
          • comment libsss_idmap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375008
        • AND
          • comment libsss_idmap-devel is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019009
          • comment libsss_idmap-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375010
        • AND
          • comment libsss_nss_idmap is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019011
          • comment libsss_nss_idmap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375012
        • AND
          • comment libsss_nss_idmap-devel is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019013
          • comment libsss_nss_idmap-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375014
        • AND
          • comment libsss_nss_idmap-python is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019015
          • comment libsss_nss_idmap-python is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375016
        • AND
          • comment libsss_simpleifp is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019017
          • comment libsss_simpleifp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150441018
        • AND
          • comment libsss_simpleifp-devel is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019019
          • comment libsss_simpleifp-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150441020
        • AND
          • comment python-sssdconfig is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019021
          • comment python-sssdconfig is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375018
        • AND
          • comment sssd is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019023
          • comment sssd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375020
        • AND
          • comment sssd-ad is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019025
          • comment sssd-ad is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375022
        • AND
          • comment sssd-client is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019027
          • comment sssd-client is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375024
        • AND
          • comment sssd-common is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019029
          • comment sssd-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375026
        • AND
          • comment sssd-common-pac is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019031
          • comment sssd-common-pac is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375028
        • AND
          • comment sssd-dbus is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019033
          • comment sssd-dbus is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375030
        • AND
          • comment sssd-ipa is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019035
          • comment sssd-ipa is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375032
        • AND
          • comment sssd-krb5 is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019037
          • comment sssd-krb5 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375034
        • AND
          • comment sssd-krb5-common is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019039
          • comment sssd-krb5-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375036
        • AND
          • comment sssd-ldap is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019041
          • comment sssd-ldap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375038
        • AND
          • comment sssd-proxy is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019043
          • comment sssd-proxy is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375040
        • AND
          • comment sssd-tools is earlier than 0:1.12.4-47.el6_7.4
            oval oval:com.redhat.rhsa:tst:20152019045
          • comment sssd-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375042
    rhsa
    id RHSA-2015:2019
    released 2015-11-10
    severity Low
    title RHSA-2015:2019: sssd security and bug fix update (Low)
  • bugzilla
    id 1270827
    title local overrides: don't contact server with overridden name/id
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment libipa_hbac is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355001
          • comment libipa_hbac is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375002
        • AND
          • comment libipa_hbac-devel is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355003
          • comment libipa_hbac-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375004
        • AND
          • comment libsss_idmap is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355005
          • comment libsss_idmap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375008
        • AND
          • comment libsss_idmap-devel is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355007
          • comment libsss_idmap-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375010
        • AND
          • comment libsss_nss_idmap is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355009
          • comment libsss_nss_idmap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375012
        • AND
          • comment libsss_nss_idmap-devel is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355011
          • comment libsss_nss_idmap-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375014
        • AND
          • comment libsss_simpleifp is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355013
          • comment libsss_simpleifp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150441018
        • AND
          • comment libsss_simpleifp-devel is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355015
          • comment libsss_simpleifp-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150441020
        • AND
          • comment python-libipa_hbac is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355017
          • comment python-libipa_hbac is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20152355018
        • AND
          • comment python-libsss_nss_idmap is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355019
          • comment python-libsss_nss_idmap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20152355020
        • AND
          • comment python-sss is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355021
          • comment python-sss is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20152355022
        • AND
          • comment python-sss-murmur is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355023
          • comment python-sss-murmur is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20152355024
        • AND
          • comment python-sssdconfig is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355025
          • comment python-sssdconfig is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375018
        • AND
          • comment sssd is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355027
          • comment sssd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375020
        • AND
          • comment sssd-ad is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355029
          • comment sssd-ad is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375022
        • AND
          • comment sssd-client is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355031
          • comment sssd-client is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375024
        • AND
          • comment sssd-common is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355033
          • comment sssd-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375026
        • AND
          • comment sssd-common-pac is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355035
          • comment sssd-common-pac is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375028
        • AND
          • comment sssd-dbus is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355037
          • comment sssd-dbus is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375030
        • AND
          • comment sssd-ipa is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355039
          • comment sssd-ipa is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375032
        • AND
          • comment sssd-krb5 is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355041
          • comment sssd-krb5 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375034
        • AND
          • comment sssd-krb5-common is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355043
          • comment sssd-krb5-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375036
        • AND
          • comment sssd-ldap is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355045
          • comment sssd-ldap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375038
        • AND
          • comment sssd-libwbclient is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355047
          • comment sssd-libwbclient is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150441044
        • AND
          • comment sssd-libwbclient-devel is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355049
          • comment sssd-libwbclient-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150441046
        • AND
          • comment sssd-proxy is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355051
          • comment sssd-proxy is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375040
        • AND
          • comment sssd-tools is earlier than 0:1.13.0-40.el7
            oval oval:com.redhat.rhsa:tst:20152355053
          • comment sssd-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20141375042
    rhsa
    id RHSA-2015:2355
    released 2015-11-19
    severity Low
    title RHSA-2015:2355: sssd security, bug fix, and enhancement update (Low)
rpms
  • libipa_hbac-0:1.12.4-47.el6_7.4
  • libipa_hbac-devel-0:1.12.4-47.el6_7.4
  • libipa_hbac-python-0:1.12.4-47.el6_7.4
  • libsss_idmap-0:1.12.4-47.el6_7.4
  • libsss_idmap-devel-0:1.12.4-47.el6_7.4
  • libsss_nss_idmap-0:1.12.4-47.el6_7.4
  • libsss_nss_idmap-devel-0:1.12.4-47.el6_7.4
  • libsss_nss_idmap-python-0:1.12.4-47.el6_7.4
  • libsss_simpleifp-0:1.12.4-47.el6_7.4
  • libsss_simpleifp-devel-0:1.12.4-47.el6_7.4
  • python-sssdconfig-0:1.12.4-47.el6_7.4
  • sssd-0:1.12.4-47.el6_7.4
  • sssd-ad-0:1.12.4-47.el6_7.4
  • sssd-client-0:1.12.4-47.el6_7.4
  • sssd-common-0:1.12.4-47.el6_7.4
  • sssd-common-pac-0:1.12.4-47.el6_7.4
  • sssd-dbus-0:1.12.4-47.el6_7.4
  • sssd-debuginfo-0:1.12.4-47.el6_7.4
  • sssd-ipa-0:1.12.4-47.el6_7.4
  • sssd-krb5-0:1.12.4-47.el6_7.4
  • sssd-krb5-common-0:1.12.4-47.el6_7.4
  • sssd-ldap-0:1.12.4-47.el6_7.4
  • sssd-proxy-0:1.12.4-47.el6_7.4
  • sssd-tools-0:1.12.4-47.el6_7.4
  • libipa_hbac-0:1.13.0-40.el7
  • libipa_hbac-devel-0:1.13.0-40.el7
  • libsss_idmap-0:1.13.0-40.el7
  • libsss_idmap-devel-0:1.13.0-40.el7
  • libsss_nss_idmap-0:1.13.0-40.el7
  • libsss_nss_idmap-devel-0:1.13.0-40.el7
  • libsss_simpleifp-0:1.13.0-40.el7
  • libsss_simpleifp-devel-0:1.13.0-40.el7
  • python-libipa_hbac-0:1.13.0-40.el7
  • python-libsss_nss_idmap-0:1.13.0-40.el7
  • python-sss-0:1.13.0-40.el7
  • python-sss-murmur-0:1.13.0-40.el7
  • python-sssdconfig-0:1.13.0-40.el7
  • sssd-0:1.13.0-40.el7
  • sssd-ad-0:1.13.0-40.el7
  • sssd-client-0:1.13.0-40.el7
  • sssd-common-0:1.13.0-40.el7
  • sssd-common-pac-0:1.13.0-40.el7
  • sssd-dbus-0:1.13.0-40.el7
  • sssd-debuginfo-0:1.13.0-40.el7
  • sssd-ipa-0:1.13.0-40.el7
  • sssd-krb5-0:1.13.0-40.el7
  • sssd-krb5-common-0:1.13.0-40.el7
  • sssd-ldap-0:1.13.0-40.el7
  • sssd-libwbclient-0:1.13.0-40.el7
  • sssd-libwbclient-devel-0:1.13.0-40.el7
  • sssd-proxy-0:1.13.0-40.el7
  • sssd-tools-0:1.13.0-40.el7
refmap via4
bid 77529
confirm
fedora
  • FEDORA-2015-202c127199
  • FEDORA-2015-7b47df69d3
  • FEDORA-2015-cdea5324a8
mlist [sssd-users] 20151021 A security bug in SSSD 1.10 and later (CVE-2015-5292)
sectrack 1034038
Last major update 07-12-2016 - 18:16
Published 29-10-2015 - 16:59
Last modified 07-12-2016 - 18:16