Local Authentication Bypass in System Security Services Daemon by Red Hat
CVE-2011-1758

Currently unrated

Key Information:

Vendor: Fedoraproject
Status: Sssd
Vendor: CVE Published:; 26 May 2011

🔔 Create Fedoraproject Vulnerability Alert

What is CVE-2011-1758?

A vulnerability exists in the System Security Services Daemon (SSSD) versions prior to 1.5.7, specifically in the krb5_save_ccname_done function. When automatic ticket renewal and offline authentication are enabled, the function improperly uses a pathname string as a password. This flaw allows local users to list the /tmp directory and retrieve the pathname, effectively bypassing Kerberos authentication mechanisms. This situation raises significant security concerns for systems using SSSD that rely on robust user authentication.

References

https://bugzilla.redhat.com/show_bug.cgi?id=700867

x_refsource_CONFIRM

https://fedorahosted.org/sssd/ticket/856

x_refsource_CONFIRM

http://openwall.com/lists/oss-security/2011/04/29/4

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2011
Vulnerability Reserved
Apr 19, 2011