CVE-2011-1758

Severity: 3.7 LOW
EPSS: 0.0% (top 85.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 26
Latest update: May 17

Description

The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname.

CVSS vector

AV:L/AC:H/C:P/I:P/A:P
Exploitability: 1.9 | Impact: 6.4

Affected Packages (1 package)

NVD: fedoraproject/sssd (8 versions)


Vulnerability Details (2)

GHSA: GHSA-rqv8-76v6-fcx2: The krb5_save_ccname_done function in providers/krb5/krb5_auth (2022-05-17)
CVEList: CVE-2011-1758: The krb5_save_ccname_done function in providers/krb5/krb5_auth (2011-05-26)

Vendor Advisories (1)

Debian: CVE-2011-1758: sssd - The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Secur... (2011)

Community (2)

Bugzilla: CVE-2011-1758 sssd: automatic TGT renewal overwrites cached password with predictable filename [fedora-all] (2011-04-29)
Bugzilla: CVE-2011-1758 sssd: automatic TGT renewal overwrites cached password with value of predictable filename (2011-04-29)