{"id":"MGASA-2013-0158","summary":"Updated sssd packages fix security vulnerability","details":"A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD,\nSystem Security Services Daemon, performed copying and removal of (user)\ndirectory trees.A local attacker, with permissions to write into directory of\nthe victim, being actively / currently copied / removed via the sssd daemon\nfacility, could use this flaw to conduct symbolic link attacks, leading to\ntheir ability to alter / remove directories outside of originally intended, to\nbe modified, directory tree (CVE-2013-0219).\n","modified":"2026-04-16T00:10:34.539956418Z","published":"2013-06-06T12:24:33Z","upstream":["CVE-2013-0219"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0158.html"},{"type":"WEB","url":"https://fedorahosted.org/sssd/ticket/1782"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=9027"}],"affected":[{"package":{"name":"sssd","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/sssd?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.6-1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0158.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}