ALT-PU-2014-1550-1
Closed vulnerabilities
Published: 2015-10-29
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-5292
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.
Severity: MEDIUM (6.8)
References:
- FEDORA-2015-202c127199
- FEDORA-2015-202c127199
- FEDORA-2015-7b47df69d3
- FEDORA-2015-7b47df69d3
- FEDORA-2015-cdea5324a8
- FEDORA-2015-cdea5324a8
- [sssd-users] 20151021 A security bug in SSSD 1.10 and later (CVE-2015-5292)
- [sssd-users] 20151021 A security bug in SSSD 1.10 and later (CVE-2015-5292)
- RHSA-2015:2019
- RHSA-2015:2019
- RHSA-2015:2355
- RHSA-2015:2355
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 77529
- 77529
- 1034038
- 1034038
- https://bugzilla.redhat.com/show_bug.cgi?id=1267580
- https://bugzilla.redhat.com/show_bug.cgi?id=1267580
- https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch
- https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch
- https://fedorahosted.org/sssd/ticket/2803
- https://fedorahosted.org/sssd/ticket/2803
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1