[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-4341Date: (C)2011-01-24   (M)2023-12-22


The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-43053
SECUNIA-43055
SECUNIA-43068
BID-45961
ADV-2011-0197
ADV-2011-0212
FEDORA-2011-0337
FEDORA-2011-0364
RHSA-2011:0560
RHSA-2011:0975
SUSE-SR:2011:002
https://bugzilla.redhat.com/show_bug.cgi?id=661163
sssd-pamparseindatav2-dos(64881)

CPE    2
cpe:/a:fedoraproject:sssd:1.5.0
cpe:/a:fedoraproject:sssd:1.3.0
CWE    1
CWE-399
OVAL    8
oval:org.secpod.oval:def:201588
oval:org.secpod.oval:def:201638
oval:org.secpod.oval:def:500080
oval:org.secpod.oval:def:102637
...

© SecPod Technologies