Executive Summary

Information
Name: CVE-2013-0220
First vendor Publication: 2013-02-24
Vendor: Cve
Last vendor Modification: 2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score: 5
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname functions in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0220

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20984
 
Oval ID: oval:org.mitre.oval:def:20984
Title: RHSA-2013:0508: sssd security, bug fix and enhancement update (Low)
Description: The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname functions in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.
Family: unix
Class: patch
Reference(s): RHSA-2013:0508-02, CESA-2013:0508, CVE-2013-0219, CVE-2013-0220
Version: 31
Platform(s): Red Hat Enterprise Linux 6, CentOS Linux 6
Product(s): sssd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24024
 
Oval ID: oval:org.mitre.oval:def:24024
Title: ELSA-2013:0508: sssd security, bug fix and enhancement update (Low)
Description: The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname functions in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.
Family: unix
Class: patch
Reference(s): ELSA-2013:0508-02, CVE-2013-0219, CVE-2013-0220
Version: 13
Platform(s): Oracle Linux 6
Product(s): sssd
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 78

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0508.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0663.nasl - Type : ACT_GATHER_INFO
2013-03-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0663.nasl - Type : ACT_GATHER_INFO
2013-03-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0663.nasl - Type : ACT_GATHER_INFO
2013-03-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0508.nasl - Type : ACT_GATHER_INFO
2013-03-05 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130221_sssd_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0508.nasl - Type : ACT_GATHER_INFO
2013-02-13 Name : The remote Fedora host is missing a security update.
File : fedora_2013-1826.nasl - Type : ACT_GATHER_INFO
2013-02-11 Name : The remote Fedora host is missing a security update.
File : fedora_2013-1795.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/57539
CONFIRM http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11...
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6...
https://fedorahosted.org/sssd/ticket/1781
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2013-February/09843...
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/09861...
MISC https://bugzilla.redhat.com/show_bug.cgi?id=884601
REDHAT http://rhn.redhat.com/errata/RHSA-2013-0508.html
SECUNIA http://secunia.com/advisories/51928
http://secunia.com/advisories/52315

Alert History

Date Information
2023-02-13 09:28:34
  • Multiple Updates
2023-02-02 21:28:39
  • Multiple Updates
2021-05-05 01:11:54
  • Multiple Updates
2021-05-04 12:23:16
  • Multiple Updates
2021-04-22 01:27:48
  • Multiple Updates
2020-05-24 01:10:08
  • Multiple Updates
2020-05-23 00:35:41
  • Multiple Updates
2019-03-22 12:04:42
  • Multiple Updates
2016-04-26 22:39:27
  • Multiple Updates
2014-02-17 11:15:25
  • Multiple Updates
2013-05-10 22:27:59
  • Multiple Updates
2013-02-28 13:18:50
  • Multiple Updates
2013-02-26 00:18:43
  • Multiple Updates
2013-02-25 00:18:38
  • First insertion