Vulnerability Description
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Sssd | 1.9.0 |
Related Weaknesses (CWE)
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938
- http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46Patch
- http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48Patch
- http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67Patch
- http://git.fedorahosted.org/cgit/sssd.git/patch/?id=754b09b5444e6da88ed58d6deaedPatch
- http://git.fedorahosted.org/cgit/sssd.git/patch/?id=7619be9f6bf649665fcbeee9e6b1Patch
- http://git.fedorahosted.org/cgit/sssd.git/patch/?id=8b8019fe3dd1564fba657e219ec2Patch
- http://git.fedorahosted.org/cgit/sssd.git/patch/?id=b63830b142053f99bfe954d4be5aPatch
- http://git.fedorahosted.org/cgit/sssd.git/patch/?id=c0bca1722d6f9dfb654ad78397bePatch
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00115.html
- http://rhn.redhat.com/errata/RHSA-2013-0663.html
- http://secunia.com/advisories/52704Vendor Advisory
- http://secunia.com/advisories/52722Vendor Advisory
- http://securitytracker.com/id?1028317
- http://www.securityfocus.com/bid/58593
FAQ
What is CVE-2013-0287?
CVE-2013-0287 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which all...
How severe is CVE-2013-0287?
CVE-2013-0287 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0287?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Sssd.