CVE-2011-1758 : The krb5_save_ccname_done function in providers/krb5/krb5

The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname.

Published 2011-05-26 18:55:02

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2011-1758

Fedoraproject » Sssd » Version: 1.5.0
cpe:2.3:a:fedoraproject:sssd:1.5.0:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Sssd » Version: 1.5.1
cpe:2.3:a:fedoraproject:sssd:1.5.1:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Sssd » Version: 1.5.3
cpe:2.3:a:fedoraproject:sssd:1.5.3:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Sssd » Version: 1.5.5
cpe:2.3:a:fedoraproject:sssd:1.5.5:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Sssd » Version: 1.5.6
cpe:2.3:a:fedoraproject:sssd:1.5.6:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Sssd » Version: 1.5.6.1
cpe:2.3:a:fedoraproject:sssd:1.5.6.1:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Sssd » Version: 1.5.2
cpe:2.3:a:fedoraproject:sssd:1.5.2:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Sssd » Version: 1.5.4
cpe:2.3:a:fedoraproject:sssd:1.5.4:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-1758

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-1758

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.7	LOW	AV:L/AC:H/Au:N/C:P/I:P/A:P	1.9	6.4	NIST
Access Vector: Local Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2011-1758

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-1758

https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7

Infrastructure/Fedorahosted-retirement - Fedora Project Wiki
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html

[SECURITY] Fedora 15 Update: sssd-1.5.7-1.fc15
http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a

Infrastructure/Fedorahosted-retirement - Fedora Project Wiki
https://bugzilla.redhat.com/show_bug.cgi?id=700867

700867 – (CVE-2011-1758) CVE-2011-1758 sssd: automatic TGT renewal overwrites cached password with value of predicatable filename
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html

[SECURITY] Fedora 14 Update: sssd-1.5.7-1.fc14
https://fedorahosted.org/sssd/ticket/856

Issue #856: Automatic TGT renewal overwrites cached password - sssd - Pagure.io
Patch
http://openwall.com/lists/oss-security/2011/04/29/4

oss-security - vulnerability in sssd 1.5.0+ (CVE-2011-1758)
Patch
https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html

Infrastructure/Fedorahosted-retirement - Fedora Project Wiki
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=700891

700891 – CVE-2011-1758 sssd: automatic TGT renewal overwrites cached password with predicatable filename [fedora-all]

Jump to

Vulnerability Details : CVE-2011-1758

Products affected by CVE-2011-1758

Exploit prediction scoring system (EPSS) score for CVE-2011-1758

CVSS scores for CVE-2011-1758

CWE ids for CVE-2011-1758

References for CVE-2011-1758