CVE-2015-5292

Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.

Published: Oct 29, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-5292
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:L/Au:S/C:N/I:N/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
fedoraproject / sssd	1.12.5	1.12.5.x
fedoraproject / sssd	1.10.1	1.10.1.x
fedoraproject / sssd	1.11.0	1.11.0.x
fedoraproject / sssd	1.10.0	1.10.0.x
fedoraproject / sssd	1.12.2	1.12.2.x
fedoraproject / sssd	1.11.4	1.11.4.x
fedoraproject / sssd	1.12.0	1.12.0.x
fedoraproject / sssd	1.11.5	1.11.5.x
fedoraproject / sssd	1.11.3	1.11.3.x
fedoraproject / sssd	1.12.3	1.12.3.x
fedoraproject / sssd	1.11.7	1.11.7.x
fedoraproject / sssd	1.11.1	1.11.1.x
fedoraproject / sssd	1.11.6	1.11.6.x
fedoraproject / sssd	1.12.1	1.12.1.x
fedoraproject / sssd	1.11.2	1.11.2.x
fedoraproject / sssd	1.13.0	1.13.0.x
fedoraproject / sssd	1.12.4	1.12.4.x

Vulnerability Database

289,599

CVE-2015-5292