CVE-2011-1758

{"id": "CVE-2011-1758", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-05-26T18:55:02.237", "references": [{"url": "http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html", "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2011/04/29/4", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=700867", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=700891", "source": "secalert@redhat.com"}, {"url": "https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://fedorahosted.org/sssd/ticket/856", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname."}, {"lang": "es", "value": "La funci\u00f3n krb5_save_ccname_done en providers/krb5/krb5_auth.c en el Security Services Daemon (SSSD) v1.5.x anteriores a v1.5.7 1.5.x, cuando la renovaci\u00f3n autom\u00e1tica de tickets la autenticaci\u00f3n fuera de l\u00ednea est\u00e1 configurada, utiliza una cadena de ruta como contrase\u00f1a, lo que permite a usuarios locales eludir la autenticaci\u00f3n Kerberos listando el directorio /tmp para obtener la ruta de acceso."}], "lastModified": "2023-02-13T04:30:49.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C38007C8-061C-4D6D-BC6B-83475E165A3C"}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8F39928-292C-4B1E-849F-4CB7534558B7"}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19ACB702-62F5-4614-9CB9-AC07CCEBB399"}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0524C067-9992-40F1-BC7A-EE382251151B"}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74298682-9BFF-4F81-B387-BA0B036619E5"}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC55E83E-AAA5-4228-8283-57EBFCE1EEE8"}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFB0D128-F08B-41C1-B8A1-3FD7845B3F37"}, {"criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30FC0A62-9332-46F8-8415-50742BBDFC88"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}