3.7

CVE-2010-0014

System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectSssd Version <= 1.0.0
FedoraprojectSssd Version0.2.1
FedoraprojectSssd Version0.3.0
FedoraprojectSssd Version0.3.1
FedoraprojectSssd Version0.3.2
FedoraprojectSssd Version0.3.3
FedoraprojectSssd Version0.4.0
FedoraprojectSssd Version0.4.1
FedoraprojectSssd Version0.5.0
FedoraprojectSssd Version0.6.0
FedoraprojectSssd Version0.6.1
FedoraprojectSssd Version0.7.0
FedoraprojectSssd Version0.7.1
FedoraprojectSssd Version0.99.0
FedoraprojectSssd Version0.99.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.69% 0.478
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.7 1.9 6.4
AV:L/AC:H/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/38160
Vendor Advisory
http://www.securityfocus.com/bid/37747
https://bugzilla.redhat.com/show_bug.cgi?id=553233
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1
Patch