System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00074.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Fedoraproject Subscribe
Sssd Subscribe
Redhat Subscribe
Enterprise Linux Subscribe

Configuration 1 [-]

OR cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.99.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.99.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.0.99:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.1.91:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.1.92:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.2.91:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.9:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.10:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.11:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.12:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.13:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.14:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.15:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.16:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.17:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.0:beta2:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.0:beta3:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.9.2:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 5
sssd-0:1.5.1-70.el5 cpe:/o:redhat:enterprise_linux:5 RHSA-2013:1319 2013-09-30T00:00:00Z
Red Hat Enterprise Linux 6
sssd-0:1.9.2-82.el6 cpe:/o:redhat:enterprise_linux:6 RHSA-2013:0508 2013-02-20T00:00:00Z

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2013-0253 System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047 cve-icon cve-icon
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9 cve-icon cve-icon
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a cve-icon cve-icon
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37 cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-0508.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1319.html cve-icon cve-icon
http://secunia.com/advisories/51928 cve-icon cve-icon
http://secunia.com/advisories/52315 cve-icon cve-icon
http://www.securityfocus.com/bid/57539 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=884254 cve-icon cve-icon
https://fedorahosted.org/sssd/ticket/1782 cve-icon cve-icon
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2013-0219 cve-icon
https://www.cve.org/CVERecord?id=CVE-2013-0219 cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-06T14:18:09.487Z

Reserved: 2012-12-06T00:00:00

Link: CVE-2013-0219

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2013-02-24T19:55:01.237

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-0219

cve-icon Redhat

Severity : Low

Publid Date: 2013-01-23T00:00:00Z

Links: CVE-2013-0219 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses