Candidate: CVE-2012-3462
PublicDate: 2019-12-26 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3462
 https://access.redhat.com/security/cve/cve-2012-3462
Description:
 A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic
 causes the result of the HBAC rule processing to be ignored in the event
 that the access-provider is also handling the setup of the user's SELinux
 user context.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://pagure.io/SSSD/sssd/issue/1470
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3462
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_sssd:
 upstream: https://pagure.io/SSSD/sssd/c/ffcf27b0b773b580289d596f796aaf86c45ba920
upstream_sssd: released (1.10.0-1)
precise/esm_sssd: DNE
trusty_sssd: ignored (out of standard support)
trusty/esm_sssd: DNE
xenial_sssd: not-affected (1.13.4-1ubuntu1.15)
esm-infra/xenial_sssd: not-affected (1.13.4-1ubuntu1.15)
bionic_sssd: not-affected (1.16.1-1ubuntu1.4)
disco_sssd: not-affected
eoan_sssd: not-affected
devel_sssd: not-affected