CVE-2013-0287

The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
fedoraprojectsssd
1.9.0
fedoraprojectsssd
1.9.1
fedoraprojectsssd
1.9.2
fedoraprojectsssd
1.9.3
fedoraprojectsssd
1.9.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sssd
bookworm
2.8.2-4
fixed
bullseye
2.4.1-2
fixed
sid
2.9.5-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sssd
hardy
dne
lucid
not-affected
oneiric
not-affected
precise
not-affected
quantal
ignored
raring
ignored
saucy
not-affected
trusty
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libipa_hbac-devel
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
libipa_hbac0
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 12 SP5
1.16.1-4.17.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 12 SP5
1.16.1-4.17.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
libsss_certmap-devel
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
libsss_certmap0
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 12 SP5
1.16.1-4.17.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 12 SP5
1.16.1-4.17.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
libsss_idmap-devel
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
libsss_idmap0
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 12 SP5
1.16.1-4.17.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 12 SP5
1.16.1-4.17.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
libsss_nss_idmap-devel
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
libsss_nss_idmap0
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 12 SP5
1.16.1-4.17.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 12 SP5
1.16.1-4.17.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
libsss_simpleifp-devel
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
libsss_simpleifp0
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 12 SP5
1.16.1-4.17.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 12 SP5
1.16.1-4.17.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
python-sssd-config
suse enterprise sap 12 SP5
1.16.1-4.17.1
fixed
suse enterprise server 12 SP5
1.16.1-4.17.1
fixed
python3-sssd-config
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
sssd
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 12 SP5
1.16.1-4.17.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 12 SP5
1.16.1-4.17.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
sssd-32bit
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 12 SP5
1.16.1-4.17.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 12 SP5
1.16.1-4.17.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
sssd-ad
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 12 SP5
1.16.1-4.17.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 12 SP5
1.16.1-4.17.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
sssd-dbus
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
sssd-ipa
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 12 SP5
1.16.1-4.17.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 12 SP5
1.16.1-4.17.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
sssd-krb5
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 12 SP5
1.16.1-4.17.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 12 SP5
1.16.1-4.17.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
sssd-krb5-common
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 12 SP5
1.16.1-4.17.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 12 SP5
1.16.1-4.17.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
sssd-ldap
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 12 SP5
1.16.1-4.17.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 12 SP5
1.16.1-4.17.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
sssd-proxy
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 12 SP5
1.16.1-4.17.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 12 SP5
1.16.1-4.17.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
sssd-tools
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 12 SP5
1.16.1-4.17.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 12 SP5
1.16.1-4.17.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
sssd-wbclient
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
sssd-wbclient-devel
suse enterprise desktop 15
1.16.1-1.22
fixed
suse enterprise desktop 15 SP1
1.16.1-3.18.1
fixed
suse enterprise sap 15
1.16.1-1.22
fixed
suse enterprise sap 15 SP1
1.16.1-3.18.1
fixed
suse enterprise server 15
1.16.1-1.22
fixed
suse enterprise server 15 SP1
1.16.1-3.18.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libipa
RHEL 6
0:1.9.2-82.4.el6_4
fixed
libsss
RHEL 6
0:1.9.2-82.4.el6_4
fixed
sssd
RHEL 6
0:1.9.2-82.4.el6_4
fixed
sssd-client
RHEL 6
0:1.9.2-82.4.el6_4
fixed
sssd-tools
RHEL 6
0:1.9.2-82.4.el6_4
fixed
Common Weakness Enumeration
References
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46a4bd3b221edb
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48c5cb43aa04c4
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67d7f3cc6b48ef
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=754b09b5444e6da88ed58d6deaed8b815e268b6b
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=7619be9f6bf649665fcbeee9e6b120f9f9cba2a5
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=8b8019fe3dd1564fba657e219ec20ff816c7ffdb
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=b63830b142053f99bfe954d4be5a2b0f68ce3a93
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=c0bca1722d6f9dfb654ad78397be70f79ff39af1
http://lists.opensuse.org/opensuse-updates/2013-03/msg00115.html
http://rhn.redhat.com/errata/RHSA-2013-0663.html
http://secunia.com/advisories/52704
http://secunia.com/advisories/52722
http://securitytracker.com/id?1028317
http://www.securityfocus.com/bid/58593
https://lists.fedorahosted.org/pipermail/sssd-devel/2013-March/014066.html
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46a4bd3b221edb
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48c5cb43aa04c4
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67d7f3cc6b48ef
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=754b09b5444e6da88ed58d6deaed8b815e268b6b
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=7619be9f6bf649665fcbeee9e6b120f9f9cba2a5
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=8b8019fe3dd1564fba657e219ec20ff816c7ffdb
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=b63830b142053f99bfe954d4be5a2b0f68ce3a93
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=c0bca1722d6f9dfb654ad78397be70f79ff39af1
http://lists.opensuse.org/opensuse-updates/2013-03/msg00115.html
http://rhn.redhat.com/errata/RHSA-2013-0663.html
http://secunia.com/advisories/52704
http://secunia.com/advisories/52722
http://securitytracker.com/id?1028317
http://www.securityfocus.com/bid/58593
https://lists.fedorahosted.org/pipermail/sssd-devel/2013-March/014066.html