CVE-2013-0287

The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.
Severity
UNKNOWN
AV:N/AC:M/Au:S/C:P/I:P/A:N
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
fedoraprojectsssd
1.9.0
fedoraprojectsssd
1.9.1
fedoraprojectsssd
1.9.2
fedoraprojectsssd
1.9.3
fedoraprojectsssd
1.9.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sssd
bullseye
2.4.1-2
fixed
bookworm
2.8.2-4
fixed
sid
2.9.5-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sssd
trusty
dne
saucy
not-affected
raring
ignored
quantal
ignored
precise
not-affected
oneiric
not-affected
lucid
not-affected
hardy
dne
Common Weakness Enumeration
References