漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Sssd: use-after-free crash in sssd' 'sssd_pam' process
Vulnerability Description
A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
无效指针解引用
Vulnerability Title
Red Hat System Security Services Daemon 资源管理错误漏洞
Vulnerability Description
Red Hat System Security Services Daemon是美国Red Hat公司开源的一个Linux中的守护进程组件。 Red Hat System Security Services Daemon存在资源管理错误漏洞,该漏洞源于SSSD PAM响应器中内存指针处理不当导致的释放后重用,可能导致本地攻击者操作智能卡或YubiKey内容,造成拒绝服务中断身份验证,并可能提权。以下版本受到影响:Red Hat Enterprise Linux 8.0版本、Red Hat Enterpri
CVSS Information
N/A
Vulnerability Type
N/A