advisories/9027.adv

ID: MGASA-2013-0158
pubtime: 1370521473
type: security
src:
  2:
   core:
     - sssd-1.8.6-1.mga2
CVE:
  - CVE-2013-0219
subject: Updated sssd packages fix security vulnerability
description: |
 A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD,
 System Security Services Daemon, performed copying and removal of (user)
 directory trees.A local attacker, with permissions to write into directory of
 the victim, being actively / currently copied / removed via the sssd daemon
 facility, could use this flaw to conduct symbolic link attacks, leading to
 their ability to alter / remove directories outside of originally intended, to
 be modified, directory tree (CVE-2013-0219).
references:
 - https://fedorahosted.org/sssd/ticket/1782
 - http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html
 - https://bugs.mageia.org/show_bug.cgi?id=9027

1	boklm	1	ID: MGASA-2013-0158
2			pubtime: 1370521473
3			type: security
4			src:
5			2:
6			core:
7			- sssd-1.8.6-1.mga2
8	boklm	40	CVE:
9			- CVE-2013-0219
10	boklm	1	subject: Updated sssd packages fix security vulnerability
11			description: \|
12			A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD,
13			System Security Services Daemon, performed copying and removal of (user)
14			directory trees.A local attacker, with permissions to write into directory of
15			the victim, being actively / currently copied / removed via the sssd daemon
16			facility, could use this flaw to conduct symbolic link attacks, leading to
17			their ability to alter / remove directories outside of originally intended, to
18			be modified, directory tree (CVE-2013-0219).
19			references:
20			- https://fedorahosted.org/sssd/ticket/1782
21			- http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html
22			- https://bugs.mageia.org/show_bug.cgi?id=9027
23