Executive Summary

Information
Name : CVE-2011-1758
First vendor Publication : 2011-05-26
Vendor : Cve
Last vendor Modification : 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact Sub Score : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score : 3.7
Cvss Impact Score : 6.4
Cvss Exploit Score : 1.9
Attack Range : Local
Attack Complexity : High
Authentication : None Required

Detail

The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1758

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-287 Improper Authentication

CPE : Common Platform Enumeration

Type Description Count
Application 8

OpenVAS Exploits

Date Description
2011-05-06 Name : Fedora Update for sssd FEDORA-2011-5815
File : nvt/gb_fedora_2011_5815_sssd_fc14.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
72113 SSSD Automatic Ticket Renewal Credentials Cache File User Impersonation

SSSD contains a flaw related to the automatic ticket renewal service setting the credential cache path to the user's cached credentials. This may allow a remote attacker to log in as another user.

Nessus® Vulnerability Scanner

Date Description
2011-05-06 Name : The remote Fedora host is missing a security update.
File : fedora_2011-5815.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote Fedora host is missing a security update.
File : fedora_2011-6279.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d...
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html
http://openwall.com/lists/oss-security/2011/04/29/4
https://bugzilla.redhat.com/show_bug.cgi?id=700867
https://bugzilla.redhat.com/show_bug.cgi?id=700891
https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html
https://fedorahosted.org/sssd/ticket/856
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7

Alert History

Date Information
2024-11-28 23:05:07
  • Multiple Updates
2024-11-28 12:25:36
  • Multiple Updates
2023-02-13 09:28:57
  • Multiple Updates
2021-05-04 12:14:24
  • Multiple Updates
2021-04-22 01:15:39
  • Multiple Updates
2020-05-23 00:28:24
  • Multiple Updates
2014-02-17 11:02:05
  • Multiple Updates
2013-05-10 22:59:40
  • Multiple Updates