Advisories » MGASA-2013-0158

Updated sssd packages fix security vulnerability

Publication date: 06 Jun 2013
Type: security
Affected Mageia releases : 2
CVE: CVE-2013-0219

Description

A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD,
System Security Services Daemon, performed copying and removal of (user)
directory trees.A local attacker, with permissions to write into directory of
the victim, being actively / currently copied / removed via the sssd daemon
facility, could use this flaw to conduct symbolic link attacks, leading to
their ability to alter / remove directories outside of originally intended, to
be modified, directory tree (CVE-2013-0219).
                

References

• https://fedorahosted.org/sssd/ticket/1782
• http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html
• https://bugs.mageia.org/show_bug.cgi?id=9027
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0219

SRPMS

2/core

• sssd-1.8.6-1.mga2