CVE-2010-0014

Sažetak

System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT.

Reference

http://secunia.com/advisories/38160
http://www.securityfocus.com/bid/37747
https://bugzilla.redhat.com/show_bug.cgi?id=553233
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1

CVSS

Base:	3.7
Impact:	6.4
Exploitability:	1.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-01-2010 - 05:00

Objavljeno

14-01-2010 - 18:30