Published: 21/03/2013 Updated: 15/05/2013
CVSS v2 Base Score: 4.9 | Impact Score: 4.9 | Exploitability Score: 6.8
VMScore: 436
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Vulnerability Summary

The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 up to and including 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.

Affected Products

Vendor | Product | Versions
Fedoraproject | Sssd | 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4

Vendor Advisories

Synopsis: Moderate: sssd security and bug fix update
Type/Severity: Security Advisory: Moderate
Topic: Updated sssd packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Com ...