Parent Directory | Revision Log
Add advisory for bug 9027
1 | ID: MGASA-2013-0158 |
2 | pubtime: 1370521473 |
3 | type: security |
4 | src: |
5 | 2: |
6 | core: |
7 | - sssd-1.8.6-1.mga2 |
8 | subject: Updated sssd packages fix security vulnerability |
9 | description: | |
10 | A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD, |
11 | System Security Services Daemon, performed copying and removal of (user) |
12 | directory trees.A local attacker, with permissions to write into directory of |
13 | the victim, being actively / currently copied / removed via the sssd daemon |
14 | facility, could use this flaw to conduct symbolic link attacks, leading to |
15 | their ability to alter / remove directories outside of originally intended, to |
16 | be modified, directory tree (CVE-2013-0219). |
17 | references: |
18 | - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0219 |
19 | - https://fedorahosted.org/sssd/ticket/1782 |
20 | - http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html |
21 | - https://bugs.mageia.org/show_bug.cgi?id=9027 |
22 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |