It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | sssd | 2016-01-18 11:00 | ALAS-2016-635 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 2.1 | AV:N/AC:H/Au:S/C:N/I:N/A:P |
NVD | CVSSv2 | 6.8 | AV:N/AC:L/Au:S/C:N/I:N/A:C |