[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] vulnerability in sssd 1.5.0+ (CVE-2011-1758)
From:       Vincent Danen <vdanen () redhat ! com>
Date:       2011-04-29 19:42:08
Message-ID: 20110429194208.GV2160 () redhat ! com
[Download RAW message or body]

Hello all.

Anyone shipping sssd 1.5.0 or higher will want to be aware of a flaw
that was found in how it handled cached passwords when renewal kerberos
tickets is enabled (this is a new feature in 1.5.0).  Due to a bug, the
cached password was overwritten with a (moderately) predictable
filename, which could allow a user to authenticate as someone else if
they knew the name of the cache file (under some pretty specific
conditions).

We've assigned the name CVE-2011-1758 to this issue and it is now fixed
upstream.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=700867
http://git.fedorahosted.org/git/?p=sssd.git;a=commitdiff;h=fffdae81651b460f3d2c119c56d5caa09b4de42a

-- 
Vincent Danen / Red Hat Security Response Team 
[prev in list] [next in list] [prev in thread] [next in thread]