AmazonALAS-2016-636Medium: realmd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.006 Low
EPSS
Percentile
77.6%
Issue Overview:
A flaw was found in the way realmd parsed certain input when writing configuration into the sssd.conf or smb.conf file. A remote attacker could use this flaw to inject arbitrary configurations into these files via a newline character in an LDAP response.
Affected Packages:
realmd
Issue Correction:
Run yum update realmd to update your system.
New Packages:
i686:
realmd-debuginfo-0.16.1-5.5.amzn1.i686
realmd-0.16.1-5.5.amzn1.i686
noarch:
realmd-devel-docs-0.16.1-5.5.amzn1.noarch
src:
realmd-0.16.1-5.5.amzn1.src
x86_64:
realmd-debuginfo-0.16.1-5.5.amzn1.x86_64
realmd-0.16.1-5.5.amzn1.x86_64
Additional References
Red Hat: CVE-2015-2704
Mitre: CVE-2015-2704
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | realmd-debuginfo | < 0.16.1-5.5.amzn1 | realmd-debuginfo-0.16.1-5.5.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | realmd | < 0.16.1-5.5.amzn1 | realmd-0.16.1-5.5.amzn1.i686.rpm |
| Amazon Linux | 1 | noarch | realmd-devel-docs | < 0.16.1-5.5.amzn1 | realmd-devel-docs-0.16.1-5.5.amzn1.noarch.rpm |
| Amazon Linux | 1 | x86_64 | realmd-debuginfo | < 0.16.1-5.5.amzn1 | realmd-debuginfo-0.16.1-5.5.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | realmd | < 0.16.1-5.5.amzn1 | realmd-0.16.1-5.5.amzn1.x86_64.rpm |
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.006 Low
EPSS
Percentile
77.6%