Lucene search

K
cve[email protected]CVE-2015-5292
HistoryOct 29, 2015 - 4:59 p.m.

CVE-2015-5292

2015-10-2916:59:00
CWE-399
web.nvd.nist.gov
42
cve-2015-5292
memory leak
pac responder
sssd
denial of service
remote authentication

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

6 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.8%

Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.

Affected configurations

NVD
Node
fedoraprojectsssdMatch1.10.0
OR
fedoraprojectsssdMatch1.10.1
OR
fedoraprojectsssdMatch1.11.0
OR
fedoraprojectsssdMatch1.11.1
OR
fedoraprojectsssdMatch1.11.2
OR
fedoraprojectsssdMatch1.11.3
OR
fedoraprojectsssdMatch1.11.4
OR
fedoraprojectsssdMatch1.11.5
OR
fedoraprojectsssdMatch1.11.6
OR
fedoraprojectsssdMatch1.11.7
OR
fedoraprojectsssdMatch1.12.0
OR
fedoraprojectsssdMatch1.12.1
OR
fedoraprojectsssdMatch1.12.2
OR
fedoraprojectsssdMatch1.12.3
OR
fedoraprojectsssdMatch1.12.4
OR
fedoraprojectsssdMatch1.12.5
OR
fedoraprojectsssdMatch1.13.0

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

6 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.8%