CVE-2010-4341

Published: Jan 25, 2011Modified: Apr 29, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.

Affected (4)

Products: Fedorahosted: Sssd · Fedoraproject: Sssd

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Fedorahosted Sssd	Version 1.4.0
Fedorahosted Sssd	Version 1.4.1
Fedoraproject Sssd	Version 1.3.0
Fedoraproject Sssd	Version 1.5.0

Related CWEs

CWE-399

References (26)

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html

Source: secalert@redhat.com

Patch

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html

Source: secalert@redhat.com

Patch

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: secalert@redhat.com

http://secunia.com/advisories/43053

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/43055

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/43068

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2011-0560.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2011-0975.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/45961

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0197

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0212

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=661163

Source: secalert@redhat.com

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/64881

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html