← voltar
CVE-2015-5292

CVE-2015-5292

EPSS 3.7%
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.htmlhttp://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422http://rhn.redhat.com/errata/RHSA-2015-2019.htmlhttp://rhn.redhat.com/errata/RHSA-2015-2355.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1267580https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patchhttps://fedorahosted.org/sssd/ticket/2803https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttp://www.securityfocus.com/bid/77529