Memory Leak in System Security Services Daemon PAC Responder Plugin
CVE-2015-5292

Currently unrated

Key Information:

Vendor: Fedoraproject
Status: Sssd
Vendor: CVE Published:; 29 October 2015

🔔 Create Fedoraproject Vulnerability Alert

What is CVE-2015-5292?

A memory leak issue exists in the Privilege Attribute Certificate (PAC) responder plugin within the System Security Services Daemon (SSSD). This vulnerability can be exploited by remote authenticated users through repeated logins that provoke the parsing of PAC blobs during Kerberos authentication. Such actions may lead to excessive memory consumption, ultimately resulting in a denial of service, affecting the availability of the system.

References

http://rhn.redhat.com/errata/RHSA-2015-2355.html

vendor-advisoryx_refsource_REDHAT

http://rhn.redhat.com/errata/RHSA-2015-2019.html

vendor-advisoryx_refsource_REDHAT

http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2015
Vulnerability Reserved
Jul 1, 2015