Denial of Service in System Security Services Daemon by Remote Attackers
CVE-2013-0220
Currently unrated
What is CVE-2013-0220?
The System Security Services Daemon (SSSD) contains an out-of-bounds read in three command-handling functions: sss_autofs_cmd_getautomntent and sss_autofs_cmd_getautomntbyname in autofssrv_cmd.c, and ssh_cmd_parse_request in sshsrv_cmd.c. Remote attackers can trigger the out-of-bounds read by sending crafted SSSD packets, which may lead to denial of service, including crashes and restarts of the service. Versions prior to 1.9.4 are affected.
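
The bug class described above, shown as an added example that is not SSSD's code: a parser for a length-prefixed field that rejects a declared length larger than the bytes actually received. The body layout and the names `read_u32`, `parse_name` and `make_body` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical request body: [uint32 name_len][name bytes], host byte order.
 * This layout is an assumption for illustration, not SSSD's wire format. */

/* Copy a uint32 from body at *pos, only if 4 bytes remain. */
static int read_u32(const uint8_t *body, size_t len, size_t *pos, uint32_t *out)
{
    if (*pos > len || len - *pos < sizeof(uint32_t))
        return -1;                               /* truncated header */
    memcpy(out, body + *pos, sizeof(uint32_t));  /* no unaligned access */
    *pos += sizeof(uint32_t);
    return 0;
}

/* Parse the name field into out, NUL-terminated. Returns 0, or -1 if malformed. */
int parse_name(const uint8_t *body, size_t len, char *out, size_t out_sz)
{
    size_t pos = 0;
    uint32_t name_len;

    if (read_u32(body, len, &pos, &name_len) != 0)
        return -1;
    /* Without this check, a declared length larger than the received body
     * makes the copy below read past the end of the buffer. Compare against
     * the remainder (len - pos); computing pos + name_len could wrap. */
    if (name_len == 0 || name_len > len - pos)
        return -1;
    if (name_len >= out_sz)
        return -1;                               /* no room for terminator */
    memcpy(out, body + pos, name_len);
    out[name_len] = '\0';
    return 0;
}

/* Build a constructed sample body: declared length, then n payload bytes. */
size_t make_body(uint8_t *buf, uint32_t declared, const char *payload, size_t n)
{
    memcpy(buf, &declared, sizeof(declared));
    memcpy(buf + sizeof(declared), payload, n);
    return sizeof(declared) + n;
}
```

A body that declares 500 bytes but carries 5 is rejected before any copy, as is a body too short to hold the length field itself.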