CVE-2015-5292
Public on 2015-10-29
Modified on 2016-01-18
Description
It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | sssd | 2016-01-18 | ALAS-2016-635 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 2.1 | AV:N/AC:H/Au:S/C:N/I:N/A:P |
| NVD | CVSSv2 | 6.8 | AV:N/AC:L/Au:S/C:N/I:N/A:C |