advisories/9027.adv

ID: MGASA-2013-0158
pubtime: 1370521473
type: security
src:
  2:
   core:
     - sssd-1.8.6-1.mga2
CVE:
  - CVE-2013-0219
subject: Updated sssd packages fix security vulnerability
description: |
 A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD,
 System Security Services Daemon, performed copying and removal of (user)
 directory trees.A local attacker, with permissions to write into directory of
 the victim, being actively / currently copied / removed via the sssd daemon
 facility, could use this flaw to conduct symbolic link attacks, leading to
 their ability to alter / remove directories outside of originally intended, to
 be modified, directory tree (CVE-2013-0219).
references:
 - https://fedorahosted.org/sssd/ticket/1782
 - http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html
 - https://bugs.mageia.org/show_bug.cgi?id=9027

1	ID: MGASA-2013-0158
2	pubtime: 1370521473
3	type: security
4	src:
5	2:
6	core:
7	- sssd-1.8.6-1.mga2
8	CVE:
9	- CVE-2013-0219
10	subject: Updated sssd packages fix security vulnerability
11	description: \|
12	A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD,
13	System Security Services Daemon, performed copying and removal of (user)
14	directory trees.A local attacker, with permissions to write into directory of
15	the victim, being actively / currently copied / removed via the sssd daemon
16	facility, could use this flaw to conduct symbolic link attacks, leading to
17	their ability to alter / remove directories outside of originally intended, to
18	be modified, directory tree (CVE-2013-0219).
19	references:
20	- https://fedorahosted.org/sssd/ticket/1782
21	- http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html
22	- https://bugs.mageia.org/show_bug.cgi?id=9027
23