CVE-2015-2704

Опубликовано: 18 фев. 2015

Источник: redhat

CVSS2: 4.3

EPSS Низкий

Описание

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.

A flaw was found in the way realmd parsed certain input when writing configuration into the sssd.conf or smb.conf file. A remote attacker could use this flaw to inject arbitrary configurations into these files via a newline character in an LDAP response.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-345

https://bugzilla.redhat.com/show_bug.cgi?id=1205752realmd: untrusted data is used when configuring sssd.conf and/or smb.conf

EPSS

Процентиль: 59%

0.0037

Низкий

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2015-2704

ubuntu

почти 11 лет назад

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.

CVE-2015-2704

nvd

почти 11 лет назад

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.

CVE-2015-2704

msrc

6 месяцев назад

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf

CVE-2015-2704

debian

почти 11 лет назад

realmd allows remote attackers to inject arbitrary configurations in t ...

GHSA-5vx5-x2xx-23pj

github

почти 4 года назад

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.

EPSS

Процентиль: 59%

0.0037

Низкий

4.3 Medium

CVSS2