Lucene search

PRIOn knowledge basePRION:CVE-2010-0014

HistoryJan 14, 2010 - 6:30 p.m.

Design/Logic Flaw

2010-01-1418:30:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

45.0%

JSON

System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user’s Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT.

CPENameOperatorVersion
sssdeq0.5.0
sssdeq0.3.1
sssdeq0.7.1
sssdeq0.2.1
sssdeq0.3.0
sssdle1.0.0
sssdeq0.99.0
sssdeq0.4.0
sssdeq0.3.2
sssdeq0.99.1

Name	Operator	Version
sssd	eq	0.5.0
sssd	eq	0.3.1
sssd	eq	0.7.1
sssd	eq	0.2.1
sssd	eq	0.3.0
sssd	le	1.0.0
sssd	eq	0.99.0
sssd	eq	0.4.0
sssd	eq	0.3.2
sssd	eq	0.99.1

Rows per page:

1-10 of 151

References

secunia.com/advisories/38160

www.securityfocus.com/bid/37747

bugzilla.redhat.com/show_bug.cgi?id=553233

fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1

7.3 High

AI Score

Confidence

Low

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

45.0%

JSON

Related for PRION:CVE-2010-0014