CVE-2013-0219

CWE-264CWE-36718 documents7 sources
Severity
3.7LOW
EPSS
0.1%
top 77.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fedoraproject SssdRedhat Enterprise Linux
Timeline
PublishedFeb 24
Latest updateMay 5

Description

System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.

CVSS vector

AV:L/AC:H/C:P/I:P/A:PExploitability: 1.9 | Impact: 6.4

Affected Packages2 packages

Debiansssd< 1.8.4-2+3
NVDfedoraproject/sssd1.9.3+72

Also affects: Enterprise Linux 5, 6.0

🔴Vulnerability Details

3
GHSA
GHSA-6mv3-cv86-5f7j: System Security Services Daemon (SSSD) before 12022-05-05
OSV
CVE-2013-0219: System Security Services Daemon (SSSD) before 12013-02-24
CVEList
CVE-2013-0219: System Security Services Daemon (SSSD) before 12013-02-24

📋Vendor Advisories

2
Red Hat
sssd: TOCTOU race conditions by copying and removing directory trees2013-01-23
Debian
CVE-2013-0219: sssd - System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copy...2013

💬Community

12
Bugzilla
CVE-2013-0220 CVE-2013-0219 sssd various flaws [fedora-all]2013-01-23
Bugzilla
CVE-2013-0219 sssd: TOCTOU race conditions by copying and removing directory trees [epel-5]2013-01-23
Bugzilla
CVE-2012-1702 mysql: unspecified unauthenticated DoS vulnerability related to Server (CPU Jan 2013)2013-01-16
Bugzilla
CVE-2013-0375 mysql: Unspecified vulnerability in the server replication of the Oracle MySQL server allows remote attackers to alter confidentiality and integrity2013-01-16
Bugzilla
CVE-2013-0389 mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jan 2013)2013-01-16
CVE-2013-0219 (LOW CVSS 3.7) | System Security Services Daemon (SS | cvebase.io