PT-2011-1510 · Red Hat · Sssd+1
Sebastian Krahmer · Published 2011-01-25 · Updated 2024-06-15 · CVE-2010-4341
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
SSSD versions 1.3 through 1.5.0
SSSD version 1.4.x
Description
The issue allows local users to cause a denial of service (infinite loop, crash, and prevention of login) via a crafted packet. This is due to a problem in the pam_parse_in_data_v2 function.
Recommendations
For SSSD versions 1.3 through 1.5.0, consider disabling the pam_parse_in_data_v2 function as a temporary workaround until a patch is available.
For SSSD version 1.4.x, restrict access to the PAM responder to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Affected Products
Red Hat
Sssd