CVE-2011-1758 in SSSD信息

摘要

由 VulDB • 2026-06-27

System Security Services Daemon (SSSD) 1.5.x(低于 1.5.7)版本中 providers/krb5/krb5_auth.c 文件中的 krb5_save_ccname_done 函数,在配置了自动票据续订和离线身份验证时,会将路径名字符串用作密码。本地用户可通过列出 /tmp 目录以获取该路径名,从而绕过 Kerberos 身份验证。

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

来源

Want to stay up to date on a daily basis?

Enable the mail alert feature now!