What is the severity of CVE-2013-0219?

CVE-2013-0219 has been assigned a high severity rating due to its potential to allow local attackers unauthorized access to user directory trees.

How do I fix CVE-2013-0219?

To fix CVE-2013-0219, update to the latest version of SSSD that addresses this vulnerability.

What versions of SSSD are affected by CVE-2013-0219?

CVE-2013-0219 affects multiple versions of SSSD, primarily versions prior to 1.9.4.

Can I exploit CVE-2013-0219 remotely?

CVE-2013-0219 is a local vulnerability, meaning it cannot be exploited remotely as it requires local permissions.

What is a TOCTOU race condition in CVE-2013-0219?

A TOCTOU (Time of Check To Time of Use) race condition in CVE-2013-0219 occurs when an attacker modifies a user directory during a copy or removal process.

Vulnerability/
CVE-2013-0219

low

3.7

CWE

362 264

5/12/2012

24/2/2013

6/8/2024

CVE-2013-0219: Race Condition

First published: Wed Dec 05 2012(Updated: )

A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD, System Security Services Daemon, performed copying and removal of (user) directory trees.A local attacker, with permissions to write into directory of the victim, being actively / currently copied / removed via the sssd daemon facility, could use this flaw to conduct symbolic link attacks, leading to their ability to alter / remove directories outside of originally intended, to be modified, directory tree. This issue was found by Florian Weimer of Red Hat Product Security Team.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Fedora Hosted SSSD	<=1.9.3
Fedora Hosted SSSD	=0.2.1
Fedora Hosted SSSD	=0.3.0
Fedora Hosted SSSD	=0.3.1
Fedora Hosted SSSD	=0.3.2
Fedora Hosted SSSD	=0.3.3
Fedora Hosted SSSD	=0.4.0
Fedora Hosted SSSD	=0.4.1
Fedora Hosted SSSD	=0.5.0
Fedora Hosted SSSD	=0.6.0
Fedora Hosted SSSD	=0.6.1
Fedora Hosted SSSD	=0.7.0
Fedora Hosted SSSD	=0.7.1
Fedora Hosted SSSD	=0.99.0
Fedora Hosted SSSD	=0.99.1
Fedora Hosted SSSD	=1.0.0
Fedora Hosted SSSD	=1.0.1
Fedora Hosted SSSD	=1.0.2
Fedora Hosted SSSD	=1.0.3
Fedora Hosted SSSD	=1.0.4
Fedora Hosted SSSD	=1.0.5
Fedora Hosted SSSD	=1.0.6
Fedora Hosted SSSD	=1.0.99
Fedora Hosted SSSD	=1.1.0
Fedora Hosted SSSD	=1.1.1
Fedora Hosted SSSD	=1.1.2
Fedora Hosted SSSD	=1.1.91
Fedora Hosted SSSD	=1.1.92
Fedora Hosted SSSD	=1.2.0
Fedora Hosted SSSD	=1.2.1
Fedora Hosted SSSD	=1.2.2
Fedora Hosted SSSD	=1.2.3
Fedora Hosted SSSD	=1.2.4
Fedora Hosted SSSD	=1.2.91
Fedora Hosted SSSD	=1.3.0
Fedora Hosted SSSD	=1.3.1
Fedora Hosted SSSD	=1.4.0
Fedora Hosted SSSD	=1.4.1
Fedora Hosted SSSD	=1.5.0
Fedora Hosted SSSD	=1.5.1
Fedora Hosted SSSD	=1.5.2
Fedora Hosted SSSD	=1.5.3
Fedora Hosted SSSD	=1.5.4
Fedora Hosted SSSD	=1.5.5
Fedora Hosted SSSD	=1.5.6
Fedora Hosted SSSD	=1.5.6.1
Fedora Hosted SSSD	=1.5.7
Fedora Hosted SSSD	=1.5.8
Fedora Hosted SSSD	=1.5.9
Fedora Hosted SSSD	=1.5.10
Fedora Hosted SSSD	=1.5.11
Fedora Hosted SSSD	=1.5.12
Fedora Hosted SSSD	=1.5.13
Fedora Hosted SSSD	=1.5.14
Fedora Hosted SSSD	=1.5.15
Fedora Hosted SSSD	=1.5.16
Fedora Hosted SSSD	=1.5.17
Fedora Hosted SSSD	=1.6.0
Fedora Hosted SSSD	=1.6.1
Fedora Hosted SSSD	=1.6.2
Fedora Hosted SSSD	=1.6.3
Fedora Hosted SSSD	=1.6.4
Fedora Hosted SSSD	=1.7.0
Fedora Hosted SSSD	=1.8.0
Fedora Hosted SSSD	=1.8.0-beta1
Fedora Hosted SSSD	=1.8.0-beta2
Fedora Hosted SSSD	=1.8.0-beta3
Fedora Hosted SSSD	=1.8.1
Fedora Hosted SSSD	=1.8.2
Fedora Hosted SSSD	=1.8.3
Fedora Hosted SSSD	=1.8.4
Fedora Hosted SSSD	=1.8.5
Fedora Hosted SSSD	=1.8.6
Fedora Hosted SSSD	=1.9.0
Fedora Hosted SSSD	=1.9.1
Fedora Hosted SSSD	=1.9.2
Red Hat Enterprise Linux	=5
Red Hat Enterprise Linux	=6.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-0219?
CVE-2013-0219 has been assigned a high severity rating due to its potential to allow local attackers unauthorized access to user directory trees.
How do I fix CVE-2013-0219?
To fix CVE-2013-0219, update to the latest version of SSSD that addresses this vulnerability.
What versions of SSSD are affected by CVE-2013-0219?
CVE-2013-0219 affects multiple versions of SSSD, primarily versions prior to 1.9.4.
Can I exploit CVE-2013-0219 remotely?
CVE-2013-0219 is a local vulnerability, meaning it cannot be exploited remotely as it requires local permissions.
What is a TOCTOU race condition in CVE-2013-0219?
A TOCTOU (Time of Check To Time of Use) race condition in CVE-2013-0219 occurs when an attacker modifies a user directory during a copy or removal process.

agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/last-modified-date
agent/weakness
agent/references
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2013-0219
agent/trending
agent/softwarecombine
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/fedoraproject
canonical/fedora hosted sssd
version/fedora hosted sssd/1.9.3
version/fedora hosted sssd/0.2.1
version/fedora hosted sssd/0.3.0
version/fedora hosted sssd/0.3.1
version/fedora hosted sssd/0.3.2
version/fedora hosted sssd/0.3.3
version/fedora hosted sssd/0.4.0
version/fedora hosted sssd/0.4.1
version/fedora hosted sssd/0.5.0
version/fedora hosted sssd/0.6.0
version/fedora hosted sssd/0.6.1
version/fedora hosted sssd/0.7.0
version/fedora hosted sssd/0.7.1
version/fedora hosted sssd/0.99.0
version/fedora hosted sssd/0.99.1
version/fedora hosted sssd/1.0.0
version/fedora hosted sssd/1.0.1
version/fedora hosted sssd/1.0.2
version/fedora hosted sssd/1.0.3
version/fedora hosted sssd/1.0.4
version/fedora hosted sssd/1.0.5
version/fedora hosted sssd/1.0.6
version/fedora hosted sssd/1.0.99
version/fedora hosted sssd/1.1.0
version/fedora hosted sssd/1.1.1
version/fedora hosted sssd/1.1.2
version/fedora hosted sssd/1.1.91
version/fedora hosted sssd/1.1.92
version/fedora hosted sssd/1.2.0
version/fedora hosted sssd/1.2.1
version/fedora hosted sssd/1.2.2
version/fedora hosted sssd/1.2.3
version/fedora hosted sssd/1.2.4
version/fedora hosted sssd/1.2.91
version/fedora hosted sssd/1.3.0
version/fedora hosted sssd/1.3.1
version/fedora hosted sssd/1.4.0
version/fedora hosted sssd/1.4.1
version/fedora hosted sssd/1.5.0
version/fedora hosted sssd/1.5.1
version/fedora hosted sssd/1.5.2
version/fedora hosted sssd/1.5.3
version/fedora hosted sssd/1.5.4
version/fedora hosted sssd/1.5.5
version/fedora hosted sssd/1.5.6
version/fedora hosted sssd/1.5.6.1
version/fedora hosted sssd/1.5.7
version/fedora hosted sssd/1.5.8
version/fedora hosted sssd/1.5.9
version/fedora hosted sssd/1.5.10
version/fedora hosted sssd/1.5.11
version/fedora hosted sssd/1.5.12
version/fedora hosted sssd/1.5.13
version/fedora hosted sssd/1.5.14
version/fedora hosted sssd/1.5.15
version/fedora hosted sssd/1.5.16
version/fedora hosted sssd/1.5.17
version/fedora hosted sssd/1.6.0
version/fedora hosted sssd/1.6.1
version/fedora hosted sssd/1.6.2
version/fedora hosted sssd/1.6.3
version/fedora hosted sssd/1.6.4
version/fedora hosted sssd/1.7.0
version/fedora hosted sssd/1.8.0
version/fedora hosted sssd/1.8.0-beta1
version/fedora hosted sssd/1.8.0-beta2
version/fedora hosted sssd/1.8.0-beta3
version/fedora hosted sssd/1.8.1
version/fedora hosted sssd/1.8.2
version/fedora hosted sssd/1.8.3
version/fedora hosted sssd/1.8.4
version/fedora hosted sssd/1.8.5
version/fedora hosted sssd/1.8.6
version/fedora hosted sssd/1.9.0
version/fedora hosted sssd/1.9.1
version/fedora hosted sssd/1.9.2
vendor/redhat
canonical/red hat enterprise linux
version/red hat enterprise linux/5
version/red hat enterprise linux/6.0