CVE-2011-1758

Severity Score

3.7

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname.

La función krb5_save_ccname_done en providers/krb5/krb5_auth.c en el Security Services Daemon (SSSD) v1.5.x anteriores a v1.5.7 1.5.x, cuando la renovación automática de tickets la autenticación fuera de línea está configurada, utiliza una cadena de ruta como contraseña, lo que permite a usuarios locales eludir la autenticación Kerberos listando el directorio /tmp para obtener la ruta de acceso.

*Credits: N/A

CVSS Scores

NISTv2 3.7

Attack Vector

Local

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-04-19 CVE Reserved
2011-05-26 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (9)

URL	Tag	Source
http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a	X_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=700891	X_refsource_confirm
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC
http://openwall.com/lists/oss-security/2011/04/29/4	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=700867	2023-02-13
https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html	2023-02-13
https://fedorahosted.org/sssd/ticket/856	2023-02-13

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html	2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html	2023-02-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Fedoraproject Search vendor "Fedoraproject"		Sssd Search vendor "Fedoraproject" for product "Sssd"				1.5.0 Search vendor "Fedoraproject" for product "Sssd" and version "1.5.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Sssd Search vendor "Fedoraproject" for product "Sssd"				1.5.1 Search vendor "Fedoraproject" for product "Sssd" and version "1.5.1"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Sssd Search vendor "Fedoraproject" for product "Sssd"				1.5.2 Search vendor "Fedoraproject" for product "Sssd" and version "1.5.2"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Sssd Search vendor "Fedoraproject" for product "Sssd"				1.5.3 Search vendor "Fedoraproject" for product "Sssd" and version "1.5.3"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Sssd Search vendor "Fedoraproject" for product "Sssd"				1.5.4 Search vendor "Fedoraproject" for product "Sssd" and version "1.5.4"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Sssd Search vendor "Fedoraproject" for product "Sssd"				1.5.5 Search vendor "Fedoraproject" for product "Sssd" and version "1.5.5"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Sssd Search vendor "Fedoraproject" for product "Sssd"				1.5.6 Search vendor "Fedoraproject" for product "Sssd" and version "1.5.6"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Sssd Search vendor "Fedoraproject" for product "Sssd"				1.5.6.1 Search vendor "Fedoraproject" for product "Sssd" and version "1.5.6.1"		-		Affected