Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-2704

Опубликовано: 18 фев. 2015
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.

A flaw was found in the way realmd parsed certain input when writing configuration into the sssd.conf or smb.conf file. A remote attacker could use this flaw to inject arbitrary configurations into these files via a newline character in an LDAP response.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-345
https://bugzilla.redhat.com/show_bug.cgi?id=1205752realmd: untrusted data is used when configuring sssd.conf and/or smb.conf

EPSS

Процентиль: 58%
0.0037
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-2704

ubuntu
больше 10 лет назад

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.

nvd логотип

CVE-2015-2704

nvd
больше 10 лет назад

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.

msrc логотип

CVE-2015-2704

msrc
около 1 месяца назад

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf

debian логотип

CVE-2015-2704

debian
больше 10 лет назад

realmd allows remote attackers to inject arbitrary configurations in t ...

github логотип

GHSA-5vx5-x2xx-23pj

github
больше 3 лет назад

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.

EPSS

Процентиль: 58%
0.0037
Низкий

4.3 Medium

CVSS2