Novell Home

CVE-2013-0287

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-0287 at MITRE

Description

The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.

NVD CVSS v2 Base Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

SUSE information

SUSE Bugzilla entry: 809153

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • libipa_hbac-devel >= 1.9.4-1.9.1
  • libipa_hbac0 >= 1.9.4-1.9.1
  • libipa_hbac0-debuginfo >= 1.9.4-1.9.1
  • libsss_idmap-devel >= 1.9.4-1.9.1
  • libsss_idmap0 >= 1.9.4-1.9.1
  • libsss_idmap0-debuginfo >= 1.9.4-1.9.1
  • libsss_sudo >= 1.9.4-1.9.1
  • libsss_sudo-debuginfo >= 1.9.4-1.9.1
  • python-ipa_hbac >= 1.9.4-1.9.1
  • python-ipa_hbac-debuginfo >= 1.9.4-1.9.1
  • python-sssd-config >= 1.9.4-1.9.1
  • python-sssd-config-debuginfo >= 1.9.4-1.9.1
  • sssd >= 1.9.4-1.9.1
  • sssd-32bit >= 1.9.4-1.9.1
  • sssd-debuginfo >= 1.9.4-1.9.1
  • sssd-debuginfo-32bit >= 1.9.4-1.9.1
  • sssd-debugsource >= 1.9.4-1.9.1
  • sssd-ipa-provider >= 1.9.4-1.9.1
  • sssd-ipa-provider-debuginfo >= 1.9.4-1.9.1
  • sssd-tools >= 1.9.4-1.9.1
  • sssd-tools-debuginfo >= 1.9.4-1.9.1
Patchnames:
openSUSE-2013-264

© 2015 Novell