Ticket #1781 (closed defect: fixed)

Opened 15 months ago

Last modified 15 months ago

sssd: Out-of-bounds read flaws in autofs and ssh services responders

Reported by: jhrozek Owned by: jcholast
Priority: blocker Milestone: SSSD 1.9.4
Component: SSSD Version: 1.9.3
Keywords: Cc:
Blocked By: Blocking:
Tests Updated: no Coverity Bug:
Patch Submitted: no Red Hat Bugzilla: 884601
Design link:
Feature Milestone:
Design review: no Fedora test page:
Chosen: Candidate to push out:
Release Notes:

Description

Multiple out-of-buffer bounds read flaws were found in the way the autofs and ssh service responders of sssd, a System Security Services Daemon, performed parsing of SSSD packet values. An attacker could provide a specially-crafted packet that, when processed by the autofs or ssh service responders of sssd, would lead to an sssd server crash (temporary denial of service).

This issue was found by Florian Weimer of the Red Hat Product Security Team.

Change History

comment:1 Changed 15 months ago by jhrozek

  • Owner changed from somebody to jcholast

comment:2 Changed 15 months ago by jhrozek

  • Status changed from new to closed
  • Resolution set to fixed