CVE-2012-3462
Published: 26 December 2019
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.
Priority
Status
Package | Release | Status |
---|---|---|
sssd Launchpad, Ubuntu, Debian | bionic | Not vulnerable (1.16.1-1ubuntu1.4) |
sssd | disco | Not vulnerable |
sssd | eoan | Not vulnerable |
sssd | trusty | Does not exist |
sssd | upstream | Released (1.10.0-1) |
sssd | xenial | Not vulnerable (1.13.4-1ubuntu1.15) |

Patches: upstream: https://pagure.io/SSSD/sssd/c/ffcf27b0b773b580289d596f796aaf86c45ba920
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |