CVE-2013-0287

Description

The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.

Category

4.9
CVSS
Severity: Medium
CVSS 2.0 •
EPSS 0.46%
Vendor Advisory opensuse.org Vendor Advisory redhat.com Vendor Advisory secunia.com Vendor Advisory secunia.com
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
http://lists.opensuse.org/opensuse-updates/2013-03/msg00115.html vendor advisory
http://secunia.com/advisories/52704 third party advisory vendor advisory
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=7619be9f6bf649665fcbeee9e6b120f9f9cba2a5 patch
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48c5cb43aa04c4 patch
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938
https://lists.fedorahosted.org/pipermail/sssd-devel/2013-March/014066.html mailing list
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=8b8019fe3dd1564fba657e219ec20ff816c7ffdb patch
http://www.securityfocus.com/bid/58593 vdb entry
http://secunia.com/advisories/52722 third party advisory vendor advisory
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67d7f3cc6b48ef patch
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=c0bca1722d6f9dfb654ad78397be70f79ff39af1 patch
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=b63830b142053f99bfe954d4be5a2b0f68ce3a93 patch
http://securitytracker.com/id?1028317 vdb entry
http://rhn.redhat.com/errata/RHSA-2013-0663.html vendor advisory
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=754b09b5444e6da88ed58d6deaed8b815e268b6b patch
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46a4bd3b221edb patch

Frequently Asked Questions

What is the severity of CVE-2013-0287?
CVE-2013-0287 has been scored as a medium severity vulnerability.
How to fix CVE-2013-0287?
To fix CVE-2013-0287, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2013-0287 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2013-0287 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.