Showing 1 - 3 of 3

CVE-2017-12173

Status Candidate

Overview

It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.

Related Files

Red Hat Security Advisory 2018-1877-01: Posted Jun 20, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-1877-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. The ding-libs packages contain a set of libraries used by the System Security Services Daemon as well as other projects, and provide functions to manipulate file system path names, a hash table to manage storage and access time properties, a data type to collect data in a hierarchical structure, a dynamically growing, reference-counted array, and a library to process configuration files in initialization format into a library collection data structure . Issues addressed include an unsanitized input vulnerability.; tags | advisory, remote; systems | linux, redhat; advisories | CVE-2017-12173; SHA-256 | c71225130bd3ab1c0a26635e211bffd670b8726cc8a92cc1f60dca7d398961cb; Download | Favorite | View

Ubuntu Security Notice USN-3526-1: Posted Jan 11, 2018; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3526-1 - It was discovered that SSSD incorrectly handled certain inputs when querying its local cache. An attacker could use this to inject arbitrary code and expose sensitive information.; tags | advisory, arbitrary, local; systems | linux, ubuntu; advisories | CVE-2017-12173; SHA-256 | b7922c4a9c676f88b0fe0cc2f64efa4fa7aa679e609d7ddd641dc4c26ac2454a; Download | Favorite | View

Red Hat Security Advisory 2017-3379-01: Posted Dec 4, 2017; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2017-3379-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix: It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.; tags | advisory, remote, local; systems | linux, redhat; advisories | CVE-2017-12173; SHA-256 | dea99acda0368239d3aafad33e3fc3ca13f9ec7dc4fe436b72b967535a811c17; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2017-12173

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems