CVE-2011-1758
published 2011-05-26CVE-2011-1758: The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal…
low3.7CVSS 3.1
AVLACHAuNCPIPAP
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sssd | — | — |
| fedoraproject | sssd | — | — |
| fedoraproject | sssd | — | — |
| fedoraproject | sssd | — | — |
| fedoraproject | sssd | — | — |
| fedoraproject | sssd | — | — |
| fedoraproject | sssd | — | — |
| fedoraproject | sssd | — | — |
| fedoraproject | sssd | — | — |