Denial of Service in System Security Services Daemon by Remote Attackers
CVE-2013-0220

Currently unrated

Key Information:

Vendor

Fedoraproject

Status
Sssd
Vendor
CVE Published:
24 February 2013

What is CVE-2013-0220?

The System Security Services Daemon (SSSD) contains a vulnerability that allows remote attackers to exploit specific functions responsible for handling commands, namely sss_autofs_cmd_getautomntent and sss_autofs_cmd_getautomntbyname in autofssrv_cmd.c, and ssh_cmd_parse_request in sshsrv_cmd.c. By sending crafted SSSD packets, attackers can trigger an out-of-bounds read, which may lead to denial of service events, including crashes and restarts of the service. This vulnerability affects versions prior to 1.9.4 and poses a risk of service disruption.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://fedorahosted.org/sssd/ticket/1781
x_refsource_CONFIRM
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4
x_refsource_CONFIRM
http://secunia.com/advisories/51928
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.