Parent Directory | Revision Log
Remove CVE links from references CVE links are now added automatically
1 | ID: MGASA-2013-0158 |
2 | pubtime: 1370521473 |
3 | type: security |
4 | src: |
5 | 2: |
6 | core: |
7 | - sssd-1.8.6-1.mga2 |
8 | CVE: |
9 | - CVE-2013-0219 |
10 | subject: Updated sssd packages fix security vulnerability |
11 | description: | |
12 | A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD, |
13 | System Security Services Daemon, performed copying and removal of (user) |
14 | directory trees.A local attacker, with permissions to write into directory of |
15 | the victim, being actively / currently copied / removed via the sssd daemon |
16 | facility, could use this flaw to conduct symbolic link attacks, leading to |
17 | their ability to alter / remove directories outside of originally intended, to |
18 | be modified, directory tree (CVE-2013-0219). |
19 | references: |
20 | - https://fedorahosted.org/sssd/ticket/1782 |
21 | - http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html |
22 | - https://bugs.mageia.org/show_bug.cgi?id=9027 |
23 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |