SecurityTracker.com
Category:   Application (Security)  >   System Security Services Daemon (SSSD)
Vendors:   SSSD
System Security Services Daemon (SSSD) Memory Leak in PAC Plugin Lets Remote Authenticated Users Consume Excessive Memory Resources
SecurityTracker Alert ID:  1034038
SecurityTracker URL:  http://securitytracker.com/id/1034038
CVE Reference:   CVE-2015-5292
Date:  Oct 30 2015
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 1.10 and later, prior to 1.13.1
Description:   A vulnerability was reported in System Security Services Daemon (SSSD). A remote authenticated user can consume excessive memory on the target system.

A remote authenticated user can supply a large number of specially crafted Kerberos authentication attempts to trigger a memory leak in the Privilege Attribute Certificate (PAC) plugin ('sssd_pac_plugin.so') and consume excessive memory on the target system.

Impact:   A remote authenticated user can consume excessive memory resources on the target system.
Solution:   The vendor has issued a fix (1.13.1).

A patch is available at:

https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch

Vendor URL:  fedorahosted.org/sssd/
Cause:   Resource error
Underlying OS:  Linux (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 10 2015 (Red Hat Issues Fix) System Security Services Daemon (SSSD) Memory Leak in PAC Plugin Lets Remote Authenticated Users Consume Excessive Memory Resources
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Nov 10 2015 (CentOS Issues Fix) System Security Services Daemon (SSSD) Memory Leak in PAC Plugin Lets Remote Authenticated Users Consume Excessive Memory Resources
CentOS has issued a fix for CentOS Linux 6.
Nov 12 2015 (Oracle Issues Fix for Oracle Linux) System Security Services Daemon (SSSD) Memory Leak in PAC Plugin Lets Remote Authenticated Users Consume Excessive Memory Resources
Oracle has issued a fix for Oracle Linux 6.
Nov 20 2015 (Red Hat Issues Fix) System Security Services Daemon (SSSD) Memory Leak in PAC Plugin Lets Remote Authenticated Users Consume Excessive Memory Resources
Red Hat has issued a fix for Red Hat Enterprise Linux 7.




Copyright 2020, SecurityGlobal.net LLC