advisories/9027.adv

ID: MGASA-2013-0158
pubtime: 1370521473
type: security
src:
  2:
   core:
     - sssd-1.8.6-1.mga2
subject: Updated sssd packages fix security vulnerability
description: |
 A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD,
 System Security Services Daemon, performed copying and removal of (user)
 directory trees.A local attacker, with permissions to write into directory of
 the victim, being actively / currently copied / removed via the sssd daemon
 facility, could use this flaw to conduct symbolic link attacks, leading to
 their ability to alter / remove directories outside of originally intended, to
 be modified, directory tree (CVE-2013-0219).
references:
 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0219
 - https://fedorahosted.org/sssd/ticket/1782
 - http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html
 - https://bugs.mageia.org/show_bug.cgi?id=9027

1	ID: MGASA-2013-0158
2	pubtime: 1370521473
3	type: security
4	src:
5	2:
6	core:
7	- sssd-1.8.6-1.mga2
8	subject: Updated sssd packages fix security vulnerability
9	description: \|
10	A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD,
11	System Security Services Daemon, performed copying and removal of (user)
12	directory trees.A local attacker, with permissions to write into directory of
13	the victim, being actively / currently copied / removed via the sssd daemon
14	facility, could use this flaw to conduct symbolic link attacks, leading to
15	their ability to alter / remove directories outside of originally intended, to
16	be modified, directory tree (CVE-2013-0219).
17	references:
18	- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0219
19	- https://fedorahosted.org/sssd/ticket/1782
20	- http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html
21	- https://bugs.mageia.org/show_bug.cgi?id=9027
22