2.1

CVE-2010-4341

The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedorahostedSssd Version1.4.0
FedorahostedSssd Version1.4.1
FedoraprojectSssd Version1.3.0
FedoraprojectSssd Version1.5.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.38
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/43068
http://www.vupen.com/english/advisories/2011/0212
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html
Patch
http://secunia.com/advisories/43053
Vendor Advisory
http://secunia.com/advisories/43055
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0560.html
http://www.redhat.com/support/errata/RHSA-2011-0975.html
http://www.securityfocus.com/bid/45961
http://www.vupen.com/english/advisories/2011/0197
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=661163
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/64881