Vulnerability in Fedorahosted Sssd
CVE-2010-4341
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.
EPSS: 0.005 (38.0th percentile)
Affected products
- Fedorahosted Sssd — versions 1.4.0, 1.4.1
- Fedoraproject Sssd — versions 1.3.0, 1.5.0