Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 453808 (CVE-2013-0219) - <sys-auth/sssd-1.9.4: Multiple Denial of Service Vulnerabilities (CVE-2013-{0219,0220})
Summary: <sys-auth/sssd-1.9.4: Multiple Denial of Service Vulnerabilities (CVE-2013-{0...
Alias: CVE-2013-0219
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Depends on:
Reported: 2013-01-24 12:46 UTC by Agostino Sarubbo
Modified: 2013-12-11 02:09 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-01-24 12:46:31 UTC
From $URL :

Multiple vulnerabilities have been reported in SSSD, which can be exploited by malicious people to 
cause a DoS (Denial of Service).

The vulnerabilities are caused due to out-of-bounds read errors within the 
"sss_autofs_cmd_getautomntent()" and "sss_autofs_cmd_getautomntbyname()" functions in 
src/responder/autofs/autofssrv_cmd.c and the "ssh_cmd_parse_request()" function in 
src/responder/ssh/sshsrv_cmd.c, which can be exploited to cause a crash by sending specially 
crafted packages to SSSD.

NOTE: Additionally, a race condition weakness exists when handling directory trees, which can lead 
to modification of the directory tree.

The vulnerabilities are reported in version 1.9.3. Other versions may also be affected.

Fixed in the repository.
Further details available to Secunia VIM customers

Provided and/or discovered by
Florian Weimer, Red Hat Product Security Team

Original Advisory
Comment 1 Andreis Vinogradovs ( slepnoga ) 2013-01-30 08:59:16 UTC
upstream relozed new, 1.9.4,  version:

A security bug assigned CVE-2013-0219 was fixed - TOCTOU race conditions when creating or removing home directories for users in local domain 
A security bug assigned CVE-2013-0220 was fixed - out-of-bounds reads in autofs and ssh responder

Proxy, please bump from 1.9.2 to 1.9.4 and remove all other 1.9.x ebuild.
Comment 2 Maxim Koltsov (RETIRED) gentoo-dev 2013-01-31 17:58:50 UTC
Bumped, vulnerable versions cleaned.
Comment 3 Agostino Sarubbo gentoo-dev 2013-01-31 18:11:26 UTC
Arches, please test and mark stable:
Target keywords : "amd64 x86"
Comment 4 Agostino Sarubbo gentoo-dev 2013-01-31 19:40:38 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-01-31 19:40:51 UTC
x86 stable
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2013-03-04 23:14:33 UTC
CVE-2013-0219 (
  System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2)
  copying, or (3) removing a user home directory tree, allows local users to
  create, modify, or delete arbitrary files via a symlink attack on another
  user's files.
Comment 7 Sean Amoss (RETIRED) gentoo-dev Security 2013-03-22 16:26:24 UTC
GLSA vote: no.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2013-03-22 16:26:37 UTC
CVE-2013-0220 (
  The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname
  function in responder/autofs/autofssrv_cmd.c and the (3)
  ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System
  Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause
  a denial of service (out-of-bounds read, crash, and restart) via a crafted
  SSSD packet.
Comment 9 Chris Reffett (RETIRED) gentoo-dev Security 2013-12-11 02:09:06 UTC
GLSA vote: no, closing noglsa.