PT-2011-1510 · Red Hat · Sssd+1
Sebastian Krahmer · Published 2011-01-25 · Updated 2024-06-15 · CVE-2010-4341
CVSS v2.0: 2.1 (Low)
| Vector | AV:L/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
SSSD versions 1.3 through 1.5.0
SSSD version 1.4.x
Description
A problem in the pam_parse_in_data_v2 function allows local users to cause a denial of service (infinite loop, crash, and prevention of login) via a crafted packet.
Recommendations
For SSSD versions 1.3 through 1.5.0, consider disabling the pam_parse_in_data_v2 function as a temporary workaround until a patch is available.
For SSSD version 1.4.x, restrict access to the PAM responder to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat
Sssd