CVE-2011-1758 - OpenCVE

The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Sssd

Configuration 1 [-]

OR	cpe:2.3:a:fedoraproject:sssd:1.5.0:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.1:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.2:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.3:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.4:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.5:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.6:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.6.1:::::::*

No data.

References

Link	Providers
http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html
http://openwall.com/lists/oss-security/2011/04/29/4
https://bugzilla.redhat.com/show_bug.cgi?id=700867
https://bugzilla.redhat.com/show_bug.cgi?id=700891
https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html
https://fedorahosted.org/sssd/ticket/856
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-05-26T18:00:00Z

Updated: 2024-08-06T22:37:25.779Z

Reserved: 2011-04-19T00:00:00Z

Link: CVE-2011-1758

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-05-26T18:55:02.237

Modified: 2023-02-13T04:30:49.477

Link: CVE-2011-1758

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2011-05-26T18:00:00Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700867"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://fedorahosted.org/sssd/ticket/856"}, {"name": "[oss-security] 20110429 vulnerability in sssd 1.5.0+ (CVE-2011-1758)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/04/29/4"}, {"name": "FEDORA-2011-5815", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html"}, {"name": "FEDORA-2011-6279", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html"}, {"name": "[sssd-devel] 20110429 SSSD Security Release 1.5.7", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700891"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:37:25.779Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700867"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fedorahosted.org/sssd/ticket/856"}, {"name": "[oss-security] 20110429 vulnerability in sssd 1.5.0+ (CVE-2011-1758)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/04/29/4"}, {"name": "FEDORA-2011-5815", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html"}, {"name": "FEDORA-2011-6279", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html"}, {"name": "[sssd-devel] 20110429 SSSD Security Release 1.5.7", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700891"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1758", "state": "PUBLISHED", "dateReserved": "2011-04-19T00:00:00Z", "datePublished": "2011-05-26T18:00:00Z", "dateUpdated": "2024-08-06T22:37:25.779Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C38007C8-061C-4D6D-BC6B-83475E165A3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8F39928-292C-4B1E-849F-4CB7534558B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "19ACB702-62F5-4614-9CB9-AC07CCEBB399", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "0524C067-9992-40F1-BC7A-EE382251151B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "74298682-9BFF-4F81-B387-BA0B036619E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "BC55E83E-AAA5-4228-8283-57EBFCE1EEE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "AFB0D128-F08B-41C1-B8A1-3FD7845B3F37", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "30FC0A62-9332-46F8-8415-50742BBDFC88", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname."}, {"lang": "es", "value": "La funci\u00f3n krb5_save_ccname_done en providers/krb5/krb5_auth.c en el Security Services Daemon (SSSD) v1.5.x anteriores a v1.5.7 1.5.x, cuando la renovaci\u00f3n autom\u00e1tica de tickets la autenticaci\u00f3n fuera de l\u00ednea est\u00e1 configurada, utiliza una cadena de ruta como contrase\u00f1a, lo que permite a usuarios locales eludir la autenticaci\u00f3n Kerberos listando el directorio /tmp para obtener la ruta de acceso."}], "id": "CVE-2011-1758", "lastModified": "2023-02-13T04:30:49.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-05-26T18:55:02.237", "references": [{"source": "secalert@redhat.com", "url": "http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/04/29/4"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700867"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700891"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://fedorahosted.org/sssd/ticket/856"}, {"source": "secalert@redhat.com", "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}