CVE-2010-4341

Published: 25 January 2011

The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.

Priority

Status

Package	Release	Status
sssd Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Does not exist
	karmic	Ignored (end of life)
	lucid	Not vulnerable
	maverick	Ignored (end of life)
	natty	Not vulnerable (1.2.1-4.1ubuntu3)
	oneiric	Not vulnerable
	upstream	Released (1.2.1-4.1)
	Patches: vendor: https://rhn.redhat.com/errata/RHSA-2011-0560.html

References

https://www.cve.org/CVERecord?id=CVE-2010-4341
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.