CVE Vulnerabilities

CVE-2015-5292

Published: Oct 29, 2015 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu

Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.

Affected Software

Name Vendor Start Version End Version
Sssd Fedoraproject 1.12.5 1.12.5
Sssd Fedoraproject 1.10.1 1.10.1
Sssd Fedoraproject 1.11.0 1.11.0
Sssd Fedoraproject 1.10.0 1.10.0
Sssd Fedoraproject 1.12.2 1.12.2
Sssd Fedoraproject 1.11.4 1.11.4
Sssd Fedoraproject 1.12.0 1.12.0
Sssd Fedoraproject 1.11.5 1.11.5
Sssd Fedoraproject 1.11.3 1.11.3
Sssd Fedoraproject 1.12.3 1.12.3
Sssd Fedoraproject 1.11.7 1.11.7
Sssd Fedoraproject 1.11.1 1.11.1
Sssd Fedoraproject 1.11.6 1.11.6
Sssd Fedoraproject 1.12.1 1.12.1
Sssd Fedoraproject 1.11.2 1.11.2
Sssd Fedoraproject 1.13.0 1.13.0
Sssd Fedoraproject 1.12.4 1.12.4

References