CVE-2013-0220 - Vulnerability Details

The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Sssd
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:fedoraproject:sssd::::::::
	cpe:2.3:a:fedoraproject:sssd:0.2.1:::::::*
	cpe:2.3:a:fedoraproject:sssd:0.3.0:::::::*
	cpe:2.3:a:fedoraproject:sssd:0.3.1:::::::*
	cpe:2.3:a:fedoraproject:sssd:0.3.2:::::::*
	cpe:2.3:a:fedoraproject:sssd:0.3.3:::::::*
	cpe:2.3:a:fedoraproject:sssd:0.4.0:::::::*
	cpe:2.3:a:fedoraproject:sssd:0.4.1:::::::*
	cpe:2.3:a:fedoraproject:sssd:0.5.0:::::::*
	cpe:2.3:a:fedoraproject:sssd:0.6.0:::::::*
	cpe:2.3:a:fedoraproject:sssd:0.6.1:::::::*
	cpe:2.3:a:fedoraproject:sssd:0.7.0:::::::*
	cpe:2.3:a:fedoraproject:sssd:0.7.1:::::::*
	cpe:2.3:a:fedoraproject:sssd:0.99.0:::::::*
	cpe:2.3:a:fedoraproject:sssd:0.99.1:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.0.0:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.0.1:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.0.2:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.0.3:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.0.4:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.0.5:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.0.6:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.0.99:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.1.0:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.1.1:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.1.2:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.1.91:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.1.92:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.2.0:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.2.1:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.2.2:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.2.3:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.2.4:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.2.91:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.3.0:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.3.1:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.4.0:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.4.1:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.0:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.1:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.2:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.3:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.4:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.5:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.6:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.6.1:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.7:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.8:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.9:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.10:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.11:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.12:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.13:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.14:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.15:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.16:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.5.17:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.6.0:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.6.1:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.6.2:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.6.3:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.6.4:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.7.0:::::::*
	cpe:2.3:a:fedoraproject:sssd:1.8.0:::::::*
cpe:2.3:a:fedoraproject:sssd:1.8.0:beta1::::::
cpe:2.3:a:fedoraproject:sssd:1.8.0:beta2::::::
cpe:2.3:a:fedoraproject:sssd:1.8.0:beta3::::::
cpe:2.3:a:fedoraproject:sssd:1.8.1:::::::*
cpe:2.3:a:fedoraproject:sssd:1.8.2:::::::*
cpe:2.3:a:fedoraproject:sssd:1.8.3:::::::*
cpe:2.3:a:fedoraproject:sssd:1.8.4:::::::*
cpe:2.3:a:fedoraproject:sssd:1.8.5:::::::*
cpe:2.3:a:fedoraproject:sssd:1.8.6:::::::*
cpe:2.3:a:fedoraproject:sssd:1.9.0:::::::*
cpe:2.3:a:fedoraproject:sssd:1.9.1:::::::*
cpe:2.3:a:fedoraproject:sssd:1.9.2:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
sssd-0:1.9.2-82.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:0508	2013-02-20T00:00:00Z

References

Link	Providers
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html
http://rhn.redhat.com/errata/RHSA-2013-0508.html
http://secunia.com/advisories/51928
http://secunia.com/advisories/52315
http://www.securityfocus.com/bid/57539
https://bugzilla.redhat.com/show_bug.cgi?id=884601
https://fedorahosted.org/sssd/ticket/1781
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4
https://nvd.nist.gov/vuln/detail/CVE-2013-0220
https://www.cve.org/CVERecord?id=CVE-2013-0220

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-02-24T19:00:00Z

Updated: 2024-08-06T14:18:09.559Z

Reserved: 2012-12-06T00:00:00Z

Link: CVE-2013-0220

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-02-24T19:55:01.300

Modified: 2024-11-21T01:47:05.613

Link: CVE-2013-0220

Redhat

Severity : Low

Publid Date: 2013-01-23T00:00:00Z

Links: CVE-2013-0220 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2013-02-24T19:00:00Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fedorahosted.org/sssd/ticket/1781"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"}, {"name": "51928", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51928"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab"}, {"name": "FEDORA-2013-1795", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"}, {"name": "RHSA-2013:0508", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884601"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325"}, {"name": "52315", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52315"}, {"name": "57539", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/57539"}, {"name": "FEDORA-2013-1826", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:18:09.559Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fedorahosted.org/sssd/ticket/1781"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"}, {"name": "51928", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51928"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab"}, {"name": "FEDORA-2013-1795", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"}, {"name": "RHSA-2013:0508", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884601"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325"}, {"name": "52315", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/52315"}, {"name": "57539", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/57539"}, {"name": "FEDORA-2013-1826", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0220", "state": "PUBLISHED", "dateReserved": "2012-12-06T00:00:00Z", "datePublished": "2013-02-24T19:00:00Z", "dateUpdated": "2024-08-06T14:18:09.559Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*", "matchCriteriaId": "71D26FCE-B49C-440F-9BDD-545346B34F03", "versionEndIncluding": "1.9.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "516466B9-5183-4F5B-A64E-836B365AC015", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "5BE12795-5A6C-4EF6-86E1-A04FFEF853B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC55E33-CF2F-4749-8CAE-510A35697B87", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "F37B00AF-51D5-4FBC-8335-23FB49A2BE97", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2B2D3AAE-5B5B-4737-B24C-873B1B28DDF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D55E385B-87E0-4088-878F-0466BF05FC37", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E85F048-BEB3-4D35-954E-E4FFF2B7A9F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB6E070E-DB2B-4AFB-9E80-1061D51E572D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C6B15E7-C558-4B8C-9F25-B6B0F7D4DAE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4135B52-D2B0-4B38-AB94-294EDCF65C0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FA1CC29-EDF9-41F7-9EDC-79B7F7DAF232", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5E096D40-0543-423E-B3DD-21EEFA1760FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:0.99.0:*:*:*:*:*:*:*", "matchCriteriaId": "D519F093-C7E2-4F98-B64E-457B41FC52F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "F978466E-8AEA-4FA8-AD0F-2798CD5EEF03", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A301168-1345-4FE9-9E0E-8AADD698C59A", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E8C082CF-28D6-40EE-B7F4-C91B84596731", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4ECB1E88-66A4-49DD-837D-9B3ACE435E4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "45EE589F-FC9B-4C54-A1DD-2843B24BB3D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "AD38D75C-996F-4C16-A781-976E26825894", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0183AE7C-E9E6-43D4-BBD8-1746C6FF6A94", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "3F27CA10-EDB9-4490-B99F-686D355CDC4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.99:*:*:*:*:*:*:*", "matchCriteriaId": "BADE09B6-1BC9-4332-B7D6-0D50A5A69E59", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B08A8BE5-381D-4A4F-9D54-6231B17793B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0C9BCBA-8A11-49CA-A019-16F78A65F369", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18B12A-82C6-4F97-B9B1-AA1390EFB129", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.1.91:*:*:*:*:*:*:*", "matchCriteriaId": "64127A7C-A984-4BD5-B3E6-3976AFAE07B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.1.92:*:*:*:*:*:*:*", "matchCriteriaId": "12A5A326-2387-468B-BDF5-ACD2D104F6D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D347DF6E-C425-444B-A25D-7958D7B4EAC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3DC738E-A68E-4ED9-8A5F-0888A4B6180B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "F40B3E3B-E803-44B3-99E8-DD6A08F018B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "23F5EDBE-2D5F-4878-B7D8-4F9A6872DBA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "062BBB63-39E9-41F6-BF9F-141FA8033E26", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.91:*:*:*:*:*:*:*", "matchCriteriaId": "FD371750-E79F-432F-81DF-397A0F200E75", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "ABAEE5B2-54DA-4FB5-AD57-D00CAF17EE35", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DEABA055-C1EF-4E8D-88DC-FB542D6F91C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "313BCCE7-6B8C-47DD-BB54-7B390D131BB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "9507DCBF-45C9-43BF-8E89-9C480EBC4F09", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C38007C8-061C-4D6D-BC6B-83475E165A3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8F39928-292C-4B1E-849F-4CB7534558B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "19ACB702-62F5-4614-9CB9-AC07CCEBB399", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "0524C067-9992-40F1-BC7A-EE382251151B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "74298682-9BFF-4F81-B387-BA0B036619E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "BC55E83E-AAA5-4228-8283-57EBFCE1EEE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "AFB0D128-F08B-41C1-B8A1-3FD7845B3F37", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "30FC0A62-9332-46F8-8415-50742BBDFC88", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "4C0E2D4D-7C14-45E8-9E6D-BE7357AD1FA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "FFA871AC-FD8D-4F1E-9F84-B35E08568E5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "6B1FF7F0-6E19-4FB4-9E90-8188C1841C5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "7065AF03-99E9-4DE2-B58D-CBB15D5FCCE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "6F918F06-9860-4959-98C7-9E922A92424E", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "14D2B8A8-9F5C-4970-BD6D-FEB6E4E9D419", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "3021B870-7141-442E-9ABC-CD0538374CCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.14:*:*:*:*:*:*:*", "matchCriteriaId": "3D2C6D84-CD12-4201-BCCB-2613865734E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "F903EC2A-630A-4CE0-A4BE-2128A1A449B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "EE291086-6188-48A2-9A71-317AE4150263", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "F39C4381-3F9C-4A18-BAA0-6768E2227096", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA72408F-B759-4238-ADBE-5896EB8D9359", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "CDA8D7C7-BA09-432B-9956-3EAFEB56B039", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "C841BCE7-ACFA-48FC-9916-6743D53121BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "82059BE6-E075-42B3-A29E-AE88BBE1BE32", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "DCDCCFAB-5293-43F9-AD9F-4FB06E58FC0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B55D998-4648-42C4-BC90-8D2D3DF92805", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "082EECD4-0BA0-4467-9EEB-847A34A04906", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "97360F6C-BA99-4A58-94E1-FBDAEF4DF040", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "35CF5A7B-CB64-41E5-9B14-DE396F321A4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "44525CA2-BB2C-41F4-93A0-F0CF336C3011", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "79971450-4FA4-4A0B-9761-F6C261D98C3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6C6667AA-89D8-4EB2-ACED-9D37882D528D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "348E8F83-EA66-4F90-A340-6925F1A29E50", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6FADD7-F0CF-4F78-8126-DDAFB098D943", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "602BA6C0-A0B1-4573-92EB-FFB35E40ED2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "EFCFE36E-24BE-4092-B535-2EB8612E5EFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "288395D1-C084-48F5-B266-24CF02151F1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "FB813D7A-8048-4C24-BAED-D85999710F0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "FF7C04C5-0777-4ED5-A40B-81FCF625ECCF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet."}, {"lang": "es", "value": "La funci\u00f3n (1) sss_autofs_cmd_getautomntent y (2) sss_autofs_cmd_getautomntbyname en responder/autofs/autofssrv_cmd.c y la funci\u00f3n (3) ssh_cmd_parse_request en responder/ssh/sshsrv_cmd.c en System Security Services Daemon (SSSD) anterior a v1.9.4 permite a atacantes remotos generar una denegaci\u00f3n de servicio (lectura fuera de los l\u00edmites, ca\u00edda y reinicio) mediante una paquete SSSD especialmente dise\u00f1ado."}], "id": "CVE-2013-0220", "lastModified": "2024-11-21T01:47:05.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-02-24T19:55:01.300", "references": [{"source": "secalert@redhat.com", "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325"}, {"source": "secalert@redhat.com", "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/51928"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52315"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57539"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884601"}, {"source": "secalert@redhat.com", "url": "https://fedorahosted.org/sssd/ticket/1781"}, {"source": "secalert@redhat.com", "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/51928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52315"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/57539"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884601"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://fedorahosted.org/sssd/ticket/1781"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security Team).", "affected_release": [{"advisory": "RHSA-2013:0508", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "sssd-0:1.9.2-82.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-02-20T00:00:00Z"}], "bugzilla": {"description": "sssd: Out-of-bounds read flaws in autofs and ssh services responders", "id": "884601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884601"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-125", "details": ["The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet."], "name": "CVE-2013-0220", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "sssd", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2013-01-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-0220\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0220"], "threat_severity": "Low"}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object