5 matches found
K17159: PAM vulnerability CVE-2009-2410
Security Advisory Description The localhandlercallback function in server/responder/pam/pamLOCALdomain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the account's username, in...
SOL17159 - PAM vulnerability CVE-2009-2410
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
Fedora Update for sssd FEDORA-2010-0451
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2009-2410
The CVE-2009-2410 issue affects sssd 0.4.1, where the local_handler_callback in server/responder/pam/pam_LOCAL_domain.c mishandles blank-password accounts in the SSSD BE database. This allows context-dependent attackers to obtain access by supplying the account username and an arbitrary password ...
Fedora SSSD BE数据库无密码认证绕过漏洞
Bugraq ID: 35868 CVE ID:CVE-2009-2410 Fedora是一款基于linux内核的发行版本。 Fedora SSSD存在验证绕过问题,远程攻击者可以利用漏洞获得对目标系统的未授权访问。 如果用户增加到SSSD BE数据库,但没有设置密码,那么这个用户就可以通过SSH连接配置SSSD客户端机器,并无需任何密码即可访问。 RedHat SSSD 0.4.1-2 RedHat Fedora 11 厂商解决方案 用户可参考如下安全公告获得补丁信息: https://bugzilla.redhat.com/showbug.cgi?id=514057...