System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Fedoraproject
  • Sssd
Redhat
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.99.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:0.99.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.0.99:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.1.91:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.1.92:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.2.91:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.9:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.10:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.11:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.12:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.13:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.14:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.15:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.16:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.17:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.0:beta2:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.0:beta3:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.9.2:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 5
sssd-0:1.5.1-70.el5 cpe:/o:redhat:enterprise_linux:5 RHSA-2013:1319 2013-09-30T00:00:00Z
Red Hat Enterprise Linux 6
sssd-0:1.9.2-82.el6 cpe:/o:redhat:enterprise_linux:6 RHSA-2013:0508 2013-02-20T00:00:00Z
References
Link Providers
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047 cve-icon cve-icon
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9 cve-icon cve-icon
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a cve-icon cve-icon
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37 cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-0508.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1319.html cve-icon cve-icon
http://secunia.com/advisories/51928 cve-icon cve-icon
http://secunia.com/advisories/52315 cve-icon cve-icon
http://www.securityfocus.com/bid/57539 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=884254 cve-icon cve-icon
https://fedorahosted.org/sssd/ticket/1782 cve-icon cve-icon
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2013-0219 cve-icon
https://www.cve.org/CVERecord?id=CVE-2013-0219 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-02-24T19:00:00

Updated: 2024-08-06T14:18:09.487Z

Reserved: 2012-12-06T00:00:00

Link: CVE-2013-0219

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-02-24T19:55:01.237

Modified: 2023-02-13T04:38:43.623

Link: CVE-2013-0219

cve-icon Redhat

Severity : Low

Publid Date: 2013-01-23T00:00:00Z

Links: CVE-2013-0219 - Bugzilla