MGASA-2017-0421

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0421.html

Import Source

https://advisories.mageia.org/MGASA-2017-0421.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2017-0421

Related

CVE-2017-12173

Published

2017-11-20T21:18:02Z

Modified

2017-11-20T20:53:56Z

Summary

Updated sssd packages fix security vulnerability

Details

SSSD stores its cached data in an LDAP like local database file using libldb. To lookup cached data LDAP search filters like '(objectClass=user) (name=username)' are used. However, in sysdbsearchuserbyupnres(), the input is not sanitized and allows to manipulate the search filter for cache lookups. This would allow a logged in user to discover the password hash of a different user (CVE-2017-12173).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / sssd

Package

Name: sssd
Purl: pkg:rpm/mageia/sssd?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.13.4-9.1.mga6

Ecosystem specific

{
    "section": "core"
}