Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2013-0158)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2013.0158

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2013-0158)

Resumen: The remote host is missing an update for the 'sssd' package(s) announced via the MGASA-2013-0158 advisory.

Descripción: Summary:
The remote host is missing an update for the 'sssd' package(s) announced via the MGASA-2013-0158 advisory.

Vulnerability Insight:
A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD,
System Security Services Daemon, performed copying and removal of (user)
directory trees.A local attacker, with permissions to write into directory of
the victim, being actively / currently copied / removed via the sssd daemon
facility, could use this flaw to conduct symbolic link attacks, leading to
their ability to alter / remove directories outside of originally intended, to
be modified, directory tree (CVE-2013-0219).

Affected Software/OS:
'sssd' package(s) on Mageia 2.

Solution:
Please install the updated package(s).

CVSS Score:
3.7

CVSS Vector:
AV:L/AC:H/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-0219
51928
http://secunia.com/advisories/51928
52315
http://secunia.com/advisories/52315
57539
http://www.securityfocus.com/bid/57539
FEDORA-2013-1795
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html
FEDORA-2013-1826
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html
RHSA-2013:0508
http://rhn.redhat.com/errata/RHSA-2013-0508.html
RHSA-2013:1319
http://rhn.redhat.com/errata/RHSA-2013-1319.html
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37
https://bugzilla.redhat.com/show_bug.cgi?id=884254
https://fedorahosted.org/sssd/ticket/1782
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2013.0158
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2013-0158)
Resumen:	The remote host is missing an update for the 'sssd' package(s) announced via the MGASA-2013-0158 advisory.
Descripción:	Summary: The remote host is missing an update for the 'sssd' package(s) announced via the MGASA-2013-0158 advisory. Vulnerability Insight: A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD, System Security Services Daemon, performed copying and removal of (user) directory trees.A local attacker, with permissions to write into directory of the victim, being actively / currently copied / removed via the sssd daemon facility, could use this flaw to conduct symbolic link attacks, leading to their ability to alter / remove directories outside of originally intended, to be modified, directory tree (CVE-2013-0219). Affected Software/OS: 'sssd' package(s) on Mageia 2. Solution: Please install the updated package(s). CVSS Score: 3.7 CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0219 51928 http://secunia.com/advisories/51928 52315 http://secunia.com/advisories/52315 57539 http://www.securityfocus.com/bid/57539 FEDORA-2013-1795 http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html FEDORA-2013-1826 http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html RHSA-2013:0508 http://rhn.redhat.com/errata/RHSA-2013-0508.html RHSA-2013:1319 http://rhn.redhat.com/errata/RHSA-2013-1319.html http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37 https://bugzilla.redhat.com/show_bug.cgi?id=884254 https://fedorahosted.org/sssd/ticket/1782 https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4
Copyright	Copyright (C) 2022 Greenbone AG