
Bug 453808 (CVE-2013-0219)

Summary: <sys-auth/sssd-1.9.4: Multiple Denial of Service Vulnerabilities (CVE-2013-{0219,0220})
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: andreis.vinogradovs, maksbotan, proxy-maint
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://secunia.com/advisories/51928/
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-01-24 12:46:31 UTC
From $URL :

Description
Multiple vulnerabilities have been reported in SSSD, which can be exploited by malicious people to 
cause a DoS (Denial of Service).

The vulnerabilities are caused due to out-of-bounds read errors within the 
"sss_autofs_cmd_getautomntent()" and "sss_autofs_cmd_getautomntbyname()" functions in 
src/responder/autofs/autofssrv_cmd.c and the "ssh_cmd_parse_request()" function in 
src/responder/ssh/sshsrv_cmd.c, which can be exploited to cause a crash by sending specially 
crafted packages to SSSD.

NOTE: Additionally, a race condition weakness exists when handling directory trees, which can lead 
to modification of the directory tree.

The vulnerabilities are reported in version 1.9.3. Other versions may also be affected.


Solution
Fixed in the repository.
Further details available to Secunia VIM customers

Provided and/or discovered by
Florian Weimer, Red Hat Product Security Team

Original Advisory
https://fedorahosted.org/sssd/ticket/1781
https://fedorahosted.org/sssd/ticket/1782
Comment 1 Andreis Vinogradovs ( slepnoga ) 2013-01-30 08:59:16 UTC
Upstream released a new version, 1.9.4:

A security bug assigned CVE-2013-0219 was fixed - TOCTOU race conditions when creating or removing home directories for users in local domain 
A security bug assigned CVE-2013-0220 was fixed - out-of-bounds reads in autofs and ssh responder

Proxy, please bump from 1.9.2 to 1.9.4 and remove all other 1.9.x ebuilds.
Thanks
Comment 2 Maxim Koltsov (RETIRED) gentoo-dev 2013-01-31 17:58:50 UTC
Bumped, vulnerable versions cleaned.
Comment 3 Agostino Sarubbo gentoo-dev 2013-01-31 18:11:26 UTC
Arches, please test and mark stable:
=sys-auth/sssd-1.8.6
Target keywords : "amd64 x86"
Comment 4 Agostino Sarubbo gentoo-dev 2013-01-31 19:40:38 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-01-31 19:40:51 UTC
x86 stable
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2013-03-04 23:14:33 UTC
CVE-2013-0219 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0219):
  System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2)
  copying, or (3) removing a user home directory tree, allows local users to
  create, modify, or delete arbitrary files via a symlink attack on another
  user's files.
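
The usual defence against the symlink race described for CVE-2013-0219, shown for the tree-removal case as an added example (not SSSD's code and not part of this bug report): resolve every step relative to an open directory descriptor and refuse to follow links. The names `remove_tree_at` and `demo` and the `/tmp` layout are constructed for illustration; the demo checks the no-follow behaviour on a static link and does not stage a race.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove directory `name` (one path component) under the open directory `parent_fd`.
 * Nothing is re-resolved by path, so a component swapped for a symlink is not followed. */
int remove_tree_at(int parent_fd, const char *name)
{
    int fd = openat(parent_fd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;                        /* fails if name is a symlink */
    DIR *d = fdopendir(fd);
    if (!d) { close(fd); return -1; }
    struct dirent *e;
    struct stat st; int rc = 0;
    while (rc == 0 && (e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        if (fstatat(fd, e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0) rc = -1;
        else if (S_ISDIR(st.st_mode)) rc = remove_tree_at(fd, e->d_name);
        else rc = unlinkat(fd, e->d_name, 0);     /* removes a link, not its target */
    }
    closedir(d);                                  /* also closes fd */
    return rc == 0 ? unlinkat(parent_fd, name, AT_REMOVEDIR) : -1;
}

/* Constructed scenario: home/ holds a file and a symlink to victim/, outside the tree.
 * Returns 1 if the link is refused as a root, home/ is removed, victim/keep survives. */
int demo(void)
{
    char base[] = "/tmp/rmtree-demo-XXXXXX";
    int b = mkdtemp(base) ? open(base, O_RDONLY | O_DIRECTORY) : -1;
    if (b < 0 || mkdirat(b, "victim", 0700) || mkdirat(b, "home", 0700)) return -1;
    close(openat(b, "victim/keep", O_CREAT | O_WRONLY, 0600));
    close(openat(b, "home/file", O_CREAT | O_WRONLY, 0600));
    symlinkat("../victim", b, "home/link");
    int ok = remove_tree_at(b, "home/link") != 0  /* symlink as tree root: refused */
          && remove_tree_at(b, "home") == 0
          && faccessat(b, "home", F_OK, 0) != 0
          && faccessat(b, "victim/keep", F_OK, 0) == 0;
    unlinkat(b, "victim/keep", 0);
    unlinkat(b, "victim", AT_REMOVEDIR);
    close(b);
    rmdir(base);
    return ok;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

If an entry changes type between `fstatat` and the following call, `openat` with `O_NOFOLLOW` or `unlinkat` fails and the removal stops instead of acting on another user's files.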
Comment 7 Sean Amoss (RETIRED) gentoo-dev Security 2013-03-22 16:26:24 UTC
GLSA vote: no.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2013-03-22 16:26:37 UTC
CVE-2013-0220 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0220):
  The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname
  function in responder/autofs/autofssrv_cmd.c and the (3)
  ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System
  Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause
  a denial of service (out-of-bounds read, crash, and restart) via a crafted
  SSSD packet.
Comment 9 Chris Reffett (RETIRED) gentoo-dev Security 2013-12-11 02:09:06 UTC
GLSA vote: no, closing noglsa.