CVE-2011-1758
Published: May 26, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://bugzilla.redhat.com/show_bug.cgi?id=700867 (x_refsource_CONFIRM)
https://fedorahosted.org/sssd/ticket/856 (x_refsource_CONFIRM)
[oss-security] 20110429 vulnerability in sssd 1.5.0+ (CVE-2011-1758) (mailing-list, x_refsource_MLIST)
FEDORA-2011-5815 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2011-6279 (vendor-advisory, x_refsource_FEDORA)
[sssd-devel] 20110429 SSSD Security Release 1.5.7 (mailing-list, x_refsource_MLIST)
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7 (x_refsource_CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=700891 (x_refsource_CONFIRM)