CVE-2010-0014

2010-01-1418:30:00

Debian Security Bug Tracker

security-tracker.debian.org

sssd

krb5 auth_provider

kdc

screen-locking program

kerberos ticket-granting ticket

tgt

access restrictions

vulnerability

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.006

Percentile

78.8%

JSON

System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user’s Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT.

OSVersionArchitecturePackageVersionFilename
Debian12allsssd< 1.0.5-1sssd_1.0.5-1_all.deb
Debian11allsssd< 1.0.5-1sssd_1.0.5-1_all.deb
Debian999allsssd< 1.0.5-1sssd_1.0.5-1_all.deb
Debian13allsssd< 1.0.5-1sssd_1.0.5-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	sssd	< 1.0.5-1	sssd_1.0.5-1_all.deb
Debian	11	all	sssd	< 1.0.5-1	sssd_1.0.5-1_all.deb
Debian	999	all	sssd	< 1.0.5-1	sssd_1.0.5-1_all.deb
Debian	13	all	sssd	< 1.0.5-1	sssd_1.0.5-1_all.deb