Parent Directory | Revision Log
Remove CVE links from references CVE links are now added automatically
1 | boklm | 1 | ID: MGASA-2013-0158 |
2 | pubtime: 1370521473 | ||
3 | type: security | ||
4 | src: | ||
5 | 2: | ||
6 | core: | ||
7 | - sssd-1.8.6-1.mga2 | ||
8 | boklm | 40 | CVE: |
9 | - CVE-2013-0219 | ||
10 | boklm | 1 | subject: Updated sssd packages fix security vulnerability |
11 | description: | | ||
12 | A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD, | ||
13 | System Security Services Daemon, performed copying and removal of (user) | ||
14 | directory trees.A local attacker, with permissions to write into directory of | ||
15 | the victim, being actively / currently copied / removed via the sssd daemon | ||
16 | facility, could use this flaw to conduct symbolic link attacks, leading to | ||
17 | their ability to alter / remove directories outside of originally intended, to | ||
18 | be modified, directory tree (CVE-2013-0219). | ||
19 | references: | ||
20 | - https://fedorahosted.org/sssd/ticket/1782 | ||
21 | - http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html | ||
22 | - https://bugs.mageia.org/show_bug.cgi?id=9027 | ||
23 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |