ID CVE-2015-5292
Summary Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.
References
Vulnerable Configurations
  • Fedora SSSD - System Security Services Daemon 1.10.0
    cpe:2.3:a:fedoraproject:sssd:1.10.0
  • Fedora SSSD - System Security Services Daemon 1.10.1
    cpe:2.3:a:fedoraproject:sssd:1.10.1
  • Fedora SSSD - System Security Services Daemon 1.11.0
    cpe:2.3:a:fedoraproject:sssd:1.11.0
  • Fedora SSSD - System Security Services Daemon 1.11.1
    cpe:2.3:a:fedoraproject:sssd:1.11.1
  • Fedora SSSD - System Security Services Daemon 1.11.2
    cpe:2.3:a:fedoraproject:sssd:1.11.2
  • Fedora SSSD - System Security Services Daemon 1.11.3
    cpe:2.3:a:fedoraproject:sssd:1.11.3
  • Fedora SSSD - System Security Services Daemon 1.11.4
    cpe:2.3:a:fedoraproject:sssd:1.11.4
  • Fedora SSSD - System Security Services Daemon 1.11.5
    cpe:2.3:a:fedoraproject:sssd:1.11.5
  • Fedora SSSD - System Security Services Daemon 1.11.6
    cpe:2.3:a:fedoraproject:sssd:1.11.6
  • Fedora SSSD - System Security Services Daemon 1.11.7
    cpe:2.3:a:fedoraproject:sssd:1.11.7
  • Fedora SSSD - System Security Services Daemon 1.12.0
    cpe:2.3:a:fedoraproject:sssd:1.12.0
  • Fedora SSSD - System Security Services Daemon 1.12.1
    cpe:2.3:a:fedoraproject:sssd:1.12.1
  • Fedora SSSD - System Security Services Daemon 1.12.2
    cpe:2.3:a:fedoraproject:sssd:1.12.2
  • Fedora SSSD - System Security Services Daemon 1.12.3
    cpe:2.3:a:fedoraproject:sssd:1.12.3
  • Fedora SSSD - System Security Services Daemon 1.12.4
    cpe:2.3:a:fedoraproject:sssd:1.12.4
  • Fedora SSSD - System Security Services Daemon 1.12.5
    cpe:2.3:a:fedoraproject:sssd:1.12.5
  • Fedora SSSD - System Security Services Daemon 1.13.0
    cpe:2.3:a:fedoraproject:sssd:1.13.0
CVSS
Base: 6.8 (as of 30-10-2015 - 13:16)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: SINGLE_INSTANCE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: COMPLETE
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-2355.NASL
    description Updated sssd packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. (CVE-2015-5292) The sssd packages have been upgraded to upstream version 1.13.0, which provides a number of bug fixes and enhancements over the previous version. (BZ#1205554) Several enhancements are described in the Red Hat Enterprise Linux 7.2 Release Notes, linked to in the References section : * SSSD smart card support (BZ#854396) * Cache authentication in SSSD (BZ#910187) * SSSD supports overriding automatically discovered AD site (BZ#1163806) * SSSD can now deny SSH access to locked accounts (BZ#1175760) * SSSD enables UID and GID mapping on individual clients (BZ#1183747) * Background refresh of cached entries (BZ#1199533) * Multi-step prompting for one-time and long-term passwords (BZ#1200873) * Caching for initgroups operations (BZ#1206575) Bugs fixed : * When the SELinux user content on an IdM server was set to an empty string, the SSSD SELinux evaluation utility returned an error. 
(BZ#1192314) * If the ldap_child process failed to initialize credentials and exited with an error multiple times, operations that create files in some cases started failing due to an insufficient amount of i-nodes. (BZ#1198477) * The SRV queries used a hard-coded TTL timeout, and environments that wanted the SRV queries to be valid for a certain time only were blocked. Now, SSSD parses the TTL value out of the DNS packet. (BZ#1199541) * Previously, initgroups operation took an excessive amount of time. Now, logins and ID processing are faster for setups with AD back end and disabled ID mapping. (BZ#1201840) * When an IdM client with Red Hat Enterprise Linux 7.1 or later was connecting to a server with Red Hat Enterprise Linux 7.0 or earlier, authentication with an AD trusted domain caused the sssd_be process to terminate unexpectedly. (BZ#1202170) * If replication conflict entries appeared during HBAC processing, the user was denied access. Now, the replication conflict entries are skipped and users are permitted access. (BZ#1202245) * The array of SIDs no longer contains an uninitialized value and SSSD no longer crashes. (BZ#1204203) * SSSD supports GPOs from different domain controllers and no longer crashes when processing GPOs from different domain controllers. (BZ#1205852) * SSSD could not refresh sudo rules that contained groups with special characters, such as parentheses, in their name. (BZ#1208507) * The IPA names are not qualified on the client side if the server already qualified them, and IdM group members resolve even if default_domain_suffix is used on the server side. (BZ#1211830) * The internal cache cleanup task has been disabled by default to improve performance of the sssd_be process. (BZ#1212489) * Now, default_domain_suffix is not considered anymore for autofs maps. (BZ#1216285) * The user can set subdomain_inherit=ignore_group-members to disable fetching group members for trusted domains. 
(BZ#1217350) * The group resolution failed with an error message: 'Error: 14 (Bad address)'. The binary GUID handling has been fixed. (BZ#1226119) Enhancements added : * The description of default_domain_suffix has been improved in the manual pages. (BZ#1185536) * With the new '%0' template option, users on SSSD IdM clients can now use home directories set on AD. (BZ#1187103) All sssd users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
    last seen 2017-10-29
    modified 2016-04-28
    plugin id 87151
    published 2015-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87151
    title CentOS 7 : sssd (CESA-2015:2355)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-2355.NASL
    description Updated sssd packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. (CVE-2015-5292) The sssd packages have been upgraded to upstream version 1.13.0, which provides a number of bug fixes and enhancements over the previous version. (BZ#1205554) Several enhancements are described in the Red Hat Enterprise Linux 7.2 Release Notes, linked to in the References section : * SSSD smart card support (BZ#854396) * Cache authentication in SSSD (BZ#910187) * SSSD supports overriding automatically discovered AD site (BZ#1163806) * SSSD can now deny SSH access to locked accounts (BZ#1175760) * SSSD enables UID and GID mapping on individual clients (BZ#1183747) * Background refresh of cached entries (BZ#1199533) * Multi-step prompting for one-time and long-term passwords (BZ#1200873) * Caching for initgroups operations (BZ#1206575) Bugs fixed : * When the SELinux user content on an IdM server was set to an empty string, the SSSD SELinux evaluation utility returned an error. 
(BZ#1192314) * If the ldap_child process failed to initialize credentials and exited with an error multiple times, operations that create files in some cases started failing due to an insufficient amount of i-nodes. (BZ#1198477) * The SRV queries used a hard-coded TTL timeout, and environments that wanted the SRV queries to be valid for a certain time only were blocked. Now, SSSD parses the TTL value out of the DNS packet. (BZ#1199541) * Previously, initgroups operation took an excessive amount of time. Now, logins and ID processing are faster for setups with AD back end and disabled ID mapping. (BZ#1201840) * When an IdM client with Red Hat Enterprise Linux 7.1 or later was connecting to a server with Red Hat Enterprise Linux 7.0 or earlier, authentication with an AD trusted domain caused the sssd_be process to terminate unexpectedly. (BZ#1202170) * If replication conflict entries appeared during HBAC processing, the user was denied access. Now, the replication conflict entries are skipped and users are permitted access. (BZ#1202245) * The array of SIDs no longer contains an uninitialized value and SSSD no longer crashes. (BZ#1204203) * SSSD supports GPOs from different domain controllers and no longer crashes when processing GPOs from different domain controllers. (BZ#1205852) * SSSD could not refresh sudo rules that contained groups with special characters, such as parentheses, in their name. (BZ#1208507) * The IPA names are not qualified on the client side if the server already qualified them, and IdM group members resolve even if default_domain_suffix is used on the server side. (BZ#1211830) * The internal cache cleanup task has been disabled by default to improve performance of the sssd_be process. (BZ#1212489) * Now, default_domain_suffix is not considered anymore for autofs maps. (BZ#1216285) * The user can set subdomain_inherit=ignore_group-members to disable fetching group members for trusted domains. 
(BZ#1217350) * The group resolution failed with an error message: 'Error: 14 (Bad address)'. The binary GUID handling has been fixed. (BZ#1226119) Enhancements added : * The description of default_domain_suffix has been improved in the manual pages. (BZ#1185536) * With the new '%0' template option, users on SSSD IdM clients can now use home directories set on AD. (BZ#1187103) All sssd users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 86983
    published 2015-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86983
    title RHEL 7 : sssd (RHSA-2015:2355)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20151110_SSSD_ON_SL6_X.NASL
    description It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. (CVE-2015-5292) This update also fixes the following bugs : - Previously, SSSD did not correctly handle sudo rules that applied to groups with names containing special characters, such as the '(' opening parenthesis sign. Consequently, SSSD skipped such sudo rules. The internal sysdb search has been modified to escape special characters when searching for objects to which sudo rules apply. As a result, SSSD applies the described sudo rules as expected. - Prior to this update, SSSD did not correctly handle group names containing special Lightweight Directory Access Protocol (LDAP) characters, such as the '(' or ')' parenthesis signs. When a group name contained one or more such characters, the internal cache cleanup operation failed with an I/O error. With this update, LDAP special characters in the Distinguished Name (DN) of a cache entry are escaped before the cleanup operation starts. As a result, the cleanup operation completes successfully in the described situation. - Applications performing Kerberos authentication previously increased the memory footprint of the Kerberos plug-in that parses the Privilege Attribute Certificate (PAC) information. The plug-in has been updated to free the memory it allocates, thus fixing this bug. - Previously, when malformed POSIX attributes were defined in an Active Directory (AD) LDAP server, SSSD unexpectedly switched to offline mode. This update relaxes certain checks for AD POSIX attribute validity. 
As a result, SSSD now works as expected even when malformed POSIX attributes are present in AD and no longer enters offline mode in the described situation. After installing the update, the sssd service will be restarted automatically. Additionally, all running applications using the PAC responder plug-in must be restarted for the changes to take effect.
    last seen 2017-10-29
    modified 2015-11-11
    plugin id 86846
    published 2015-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86846
    title Scientific Linux Security Update : sssd on SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-2019.NASL
    description Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. (CVE-2015-5292) This update also fixes the following bugs : * Previously, SSSD did not correctly handle sudo rules that applied to groups with names containing special characters, such as the '(' opening parenthesis sign. Consequently, SSSD skipped such sudo rules. The internal sysdb search has been modified to escape special characters when searching for objects to which sudo rules apply. As a result, SSSD applies the described sudo rules as expected. (BZ#1258398) * Prior to this update, SSSD did not correctly handle group names containing special Lightweight Directory Access Protocol (LDAP) characters, such as the '(' or ')' parenthesis signs. When a group name contained one or more such characters, the internal cache cleanup operation failed with an I/O error. With this update, LDAP special characters in the Distinguished Name (DN) of a cache entry are escaped before the cleanup operation starts. 
As a result, the cleanup operation completes successfully in the described situation. (BZ#1264098) * Applications performing Kerberos authentication previously increased the memory footprint of the Kerberos plug-in that parses the Privilege Attribute Certificate (PAC) information. The plug-in has been updated to free the memory it allocates, thus fixing this bug. (BZ#1268783) * Previously, when malformed POSIX attributes were defined in an Active Directory (AD) LDAP server, SSSD unexpectedly switched to offline mode. This update relaxes certain checks for AD POSIX attribute validity. As a result, SSSD now works as expected even when malformed POSIX attributes are present in AD and no longer enters offline mode in the described situation. (BZ#1268784) All sssd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the sssd service will be restarted automatically. Additionally, all running applications using the PAC responder plug-in must be restarted for the changes to take effect.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 86845
    published 2015-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86845
    title RHEL 6 : sssd (RHSA-2015:2019)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-2019.NASL
    description Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. (CVE-2015-5292) This update also fixes the following bugs : * Previously, SSSD did not correctly handle sudo rules that applied to groups with names containing special characters, such as the '(' opening parenthesis sign. Consequently, SSSD skipped such sudo rules. The internal sysdb search has been modified to escape special characters when searching for objects to which sudo rules apply. As a result, SSSD applies the described sudo rules as expected. (BZ#1258398) * Prior to this update, SSSD did not correctly handle group names containing special Lightweight Directory Access Protocol (LDAP) characters, such as the '(' or ')' parenthesis signs. When a group name contained one or more such characters, the internal cache cleanup operation failed with an I/O error. With this update, LDAP special characters in the Distinguished Name (DN) of a cache entry are escaped before the cleanup operation starts. 
As a result, the cleanup operation completes successfully in the described situation. (BZ#1264098) * Applications performing Kerberos authentication previously increased the memory footprint of the Kerberos plug-in that parses the Privilege Attribute Certificate (PAC) information. The plug-in has been updated to free the memory it allocates, thus fixing this bug. (BZ#1268783) * Previously, when malformed POSIX attributes were defined in an Active Directory (AD) LDAP server, SSSD unexpectedly switched to offline mode. This update relaxes certain checks for AD POSIX attribute validity. As a result, SSSD now works as expected even when malformed POSIX attributes are present in AD and no longer enters offline mode in the described situation. (BZ#1268784) All sssd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the sssd service will be restarted automatically. Additionally, all running applications using the PAC responder plug-in must be restarted for the changes to take effect.
    last seen 2017-10-29
    modified 2016-04-28
    plugin id 86831
    published 2015-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86831
    title CentOS 6 : sssd (CESA-2015:2019)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-635.NASL
    description It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in.
    last seen 2018-04-19
    modified 2018-04-18
    plugin id 87969
    published 2016-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87969
    title Amazon Linux AMI : sssd (ALAS-2016-635)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-2355.NASL
    description From Red Hat Security Advisory 2015:2355 : Updated sssd packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. (CVE-2015-5292) The sssd packages have been upgraded to upstream version 1.13.0, which provides a number of bug fixes and enhancements over the previous version. (BZ#1205554) Several enhancements are described in the Red Hat Enterprise Linux 7.2 Release Notes, linked to in the References section : * SSSD smart card support (BZ#854396) * Cache authentication in SSSD (BZ#910187) * SSSD supports overriding automatically discovered AD site (BZ#1163806) * SSSD can now deny SSH access to locked accounts (BZ#1175760) * SSSD enables UID and GID mapping on individual clients (BZ#1183747) * Background refresh of cached entries (BZ#1199533) * Multi-step prompting for one-time and long-term passwords (BZ#1200873) * Caching for initgroups operations (BZ#1206575) Bugs fixed : * When the SELinux user content on an IdM server was set to an empty string, the SSSD SELinux evaluation utility returned an error. 
(BZ#1192314) * If the ldap_child process failed to initialize credentials and exited with an error multiple times, operations that create files in some cases started failing due to an insufficient amount of i-nodes. (BZ#1198477) * The SRV queries used a hard-coded TTL timeout, and environments that wanted the SRV queries to be valid for a certain time only were blocked. Now, SSSD parses the TTL value out of the DNS packet. (BZ#1199541) * Previously, initgroups operation took an excessive amount of time. Now, logins and ID processing are faster for setups with AD back end and disabled ID mapping. (BZ#1201840) * When an IdM client with Red Hat Enterprise Linux 7.1 or later was connecting to a server with Red Hat Enterprise Linux 7.0 or earlier, authentication with an AD trusted domain caused the sssd_be process to terminate unexpectedly. (BZ#1202170) * If replication conflict entries appeared during HBAC processing, the user was denied access. Now, the replication conflict entries are skipped and users are permitted access. (BZ#1202245) * The array of SIDs no longer contains an uninitialized value and SSSD no longer crashes. (BZ#1204203) * SSSD supports GPOs from different domain controllers and no longer crashes when processing GPOs from different domain controllers. (BZ#1205852) * SSSD could not refresh sudo rules that contained groups with special characters, such as parentheses, in their name. (BZ#1208507) * The IPA names are not qualified on the client side if the server already qualified them, and IdM group members resolve even if default_domain_suffix is used on the server side. (BZ#1211830) * The internal cache cleanup task has been disabled by default to improve performance of the sssd_be process. (BZ#1212489) * Now, default_domain_suffix is not considered anymore for autofs maps. (BZ#1216285) * The user can set subdomain_inherit=ignore_group-members to disable fetching group members for trusted domains. 
(BZ#1217350) * The group resolution failed with an error message: 'Error: 14 (Bad address)'. The binary GUID handling has been fixed. (BZ#1226119) Enhancements added : * The description of default_domain_suffix has been improved in the manual pages. (BZ#1185536) * With the new '%0' template option, users on SSSD IdM clients can now use home directories set on AD. (BZ#1187103) All sssd users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
    last seen 2017-10-29
    modified 2016-04-28
    plugin id 87095
    published 2015-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87095
    title Oracle Linux 7 : sssd (ELSA-2015-2355)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-7B47DF69D3.NASL
    description Security fix for CVE-2015-5292 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-03-04
    plugin id 89296
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89296
    title Fedora 22 : sssd-1.13.1-2.fc22 (2015-7b47df69d3)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-202C127199.NASL
    description Security fix for CVE-2015-5292 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-03-04
    plugin id 89171
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89171
    title Fedora 23 : sssd-1.13.1-2.fc23 (2015-202c127199)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-CDEA5324A8.NASL
    description Security fix for CVE-2015-5292 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-03-04
    plugin id 89413
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89413
    title Fedora 21 : sssd-1.12.5-4.fc21 (2015-cdea5324a8)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-2019.NASL
    description From Red Hat Security Advisory 2015:2019 : Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. (CVE-2015-5292) This update also fixes the following bugs : * Previously, SSSD did not correctly handle sudo rules that applied to groups with names containing special characters, such as the '(' opening parenthesis sign. Consequently, SSSD skipped such sudo rules. The internal sysdb search has been modified to escape special characters when searching for objects to which sudo rules apply. As a result, SSSD applies the described sudo rules as expected. (BZ#1258398) * Prior to this update, SSSD did not correctly handle group names containing special Lightweight Directory Access Protocol (LDAP) characters, such as the '(' or ')' parenthesis signs. When a group name contained one or more such characters, the internal cache cleanup operation failed with an I/O error. 
With this update, LDAP special characters in the Distinguished Name (DN) of a cache entry are escaped before the cleanup operation starts. As a result, the cleanup operation completes successfully in the described situation. (BZ#1264098) * Applications performing Kerberos authentication previously increased the memory footprint of the Kerberos plug-in that parses the Privilege Attribute Certificate (PAC) information. The plug-in has been updated to free the memory it allocates, thus fixing this bug. (BZ#1268783) * Previously, when malformed POSIX attributes were defined in an Active Directory (AD) LDAP server, SSSD unexpectedly switched to offline mode. This update relaxes certain checks for AD POSIX attribute validity. As a result, SSSD now works as expected even when malformed POSIX attributes are present in AD and no longer enters offline mode in the described situation. (BZ#1268784) All sssd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the sssd service will be restarted automatically. Additionally, all running applications using the PAC responder plug-in must be restarted for the changes to take effect.
    last seen 2017-10-29
    modified 2016-04-28
    plugin id 86843
    published 2015-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86843
    title Oracle Linux 6 : sssd (ELSA-2015-2019)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20151119_SSSD_ON_SL7_X.NASL
    description It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. (CVE-2015-5292)
      The sssd packages have been upgraded to upstream version 1.13.0, which provides a number of bug fixes and enhancements over the previous version.
      - SSSD smart card support
      - Cache authentication in SSSD
      - SSSD supports overriding automatically discovered AD site
      - SSSD can now deny SSH access to locked accounts
      - SSSD enables UID and GID mapping on individual clients
      - Background refresh of cached entries
      - Multi-step prompting for one-time and long-term passwords
      - Caching for initgroups operations
      Bugs fixed:
      - When the SELinux user content on an IdM server was set to an empty string, the SSSD SELinux evaluation utility returned an error.
      - If the ldap_child process failed to initialize credentials and exited with an error multiple times, operations that create files in some cases started failing due to an insufficient amount of i-nodes.
      - The SRV queries used a hard-coded TTL timeout, and environments that wanted the SRV queries to be valid for a certain time only were blocked. Now, SSSD parses the TTL value out of the DNS packet.
      - Previously, initgroups operation took an excessive amount of time. Now, logins and ID processing are faster for setups with AD back end and disabled ID mapping.
      - When an IdM client with Scientific Linux 7.1 or later was connecting to a server with Scientific Linux 7.0 or earlier, authentication with an AD trusted domain caused the sssd_be process to terminate unexpectedly.
      - If replication conflict entries appeared during HBAC processing, the user was denied access. Now, the replication conflict entries are skipped and users are permitted access.
      - The array of SIDs no longer contains an uninitialized value and SSSD no longer crashes.
      - SSSD supports GPOs from different domain controllers and no longer crashes when processing GPOs from different domain controllers.
      - SSSD could not refresh sudo rules that contained groups with special characters, such as parentheses, in their name.
      - The IPA names are not qualified on the client side if the server already qualified them, and IdM group members resolve even if default_domain_suffix is used on the server side.
      - The internal cache cleanup task has been disabled by default to improve performance of the sssd_be process.
      - Now, default_domain_suffix is not considered anymore for autofs maps.
      - The user can set subdomain_inherit=ignore_group-members to disable fetching group members for trusted domains.
      - The group resolution failed with an error message: 'Error: 14 (Bad address)'. The binary GUID handling has been fixed.
      Enhancements added:
      - The description of default_domain_suffix has been improved in the manual pages.
      - With the new '%0' template option, users on SSSD IdM clients can now use home directories set on AD.
    last seen 2017-10-29
    modified 2015-12-22
    plugin id 87575
    published 2015-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87575
    title Scientific Linux Security Update : sssd on SL7.x x86_64
redhat via4
advisories
  • bugzilla
    id 1268783
    title Memory leak / possible DoS with krb auth. [rhel 6.7.z]
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment libipa_hbac is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019035
        • comment libipa_hbac is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508020
      • AND
        • comment libipa_hbac-devel is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019033
        • comment libipa_hbac-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508026
      • AND
        • comment libipa_hbac-python is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019045
        • comment libipa_hbac-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508012
      • AND
        • comment libsss_idmap is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019005
        • comment libsss_idmap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508018
      • AND
        • comment libsss_idmap-devel is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019013
        • comment libsss_idmap-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508010
      • AND
        • comment libsss_nss_idmap is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019037
        • comment libsss_nss_idmap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019038
      • AND
        • comment libsss_nss_idmap-devel is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019041
        • comment libsss_nss_idmap-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019042
      • AND
        • comment libsss_nss_idmap-python is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019009
        • comment libsss_nss_idmap-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019010
      • AND
        • comment libsss_simpleifp is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019043
        • comment libsss_simpleifp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019044
      • AND
        • comment libsss_simpleifp-devel is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019007
        • comment libsss_simpleifp-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019008
      • AND
        • comment python-sssdconfig is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019049
        • comment python-sssdconfig is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019050
      • AND
        • comment sssd is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019023
        • comment sssd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110560006
      • AND
        • comment sssd-ad is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019027
        • comment sssd-ad is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019028
      • AND
        • comment sssd-client is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019019
        • comment sssd-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110560008
      • AND
        • comment sssd-common is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019025
        • comment sssd-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019026
      • AND
        • comment sssd-common-pac is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019047
        • comment sssd-common-pac is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019048
      • AND
        • comment sssd-dbus is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019021
        • comment sssd-dbus is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019022
      • AND
        • comment sssd-ipa is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019015
        • comment sssd-ipa is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019016
      • AND
        • comment sssd-krb5 is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019031
        • comment sssd-krb5 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019032
      • AND
        • comment sssd-krb5-common is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019011
        • comment sssd-krb5-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019012
      • AND
        • comment sssd-ldap is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019039
        • comment sssd-ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019040
      • AND
        • comment sssd-proxy is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019017
        • comment sssd-proxy is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019018
      • AND
        • comment sssd-tools is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019029
        • comment sssd-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110560010
    rhsa
    id RHSA-2015:2019
    released 2015-11-10
    severity Low
    title RHSA-2015:2019: sssd security and bug fix update (Low)
  • bugzilla
    id 1270827
    title local overrides: don't contact server with overridden name/id
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment libipa_hbac is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355005
        • comment libipa_hbac is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508020
      • AND
        • comment libipa_hbac-devel is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355047
        • comment libipa_hbac-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508026
      • AND
        • comment libsss_idmap is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355049
        • comment libsss_idmap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508018
      • AND
        • comment libsss_idmap-devel is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355045
        • comment libsss_idmap-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508010
      • AND
        • comment libsss_nss_idmap is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355017
        • comment libsss_nss_idmap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019038
      • AND
        • comment libsss_nss_idmap-devel is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355039
        • comment libsss_nss_idmap-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019042
      • AND
        • comment libsss_simpleifp is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355021
        • comment libsss_simpleifp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019044
      • AND
        • comment libsss_simpleifp-devel is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355011
        • comment libsss_simpleifp-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019008
      • AND
        • comment python-libipa_hbac is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355043
        • comment python-libipa_hbac is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152355044
      • AND
        • comment python-libsss_nss_idmap is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355029
        • comment python-libsss_nss_idmap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152355030
      • AND
        • comment python-sss is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355033
        • comment python-sss is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152355034
      • AND
        • comment python-sss-murmur is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355053
        • comment python-sss-murmur is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152355054
      • AND
        • comment python-sssdconfig is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355057
        • comment python-sssdconfig is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019050
      • AND
        • comment sssd is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355051
        • comment sssd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110560006
      • AND
        • comment sssd-ad is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355007
        • comment sssd-ad is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019028
      • AND
        • comment sssd-client is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355055
        • comment sssd-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110560008
      • AND
        • comment sssd-common is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355041
        • comment sssd-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019026
      • AND
        • comment sssd-common-pac is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355037
        • comment sssd-common-pac is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019048
      • AND
        • comment sssd-dbus is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355027
        • comment sssd-dbus is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019022
      • AND
        • comment sssd-ipa is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355025
        • comment sssd-ipa is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019016
      • AND
        • comment sssd-krb5 is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355009
        • comment sssd-krb5 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019032
      • AND
        • comment sssd-krb5-common is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355013
        • comment sssd-krb5-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019012
      • AND
        • comment sssd-ldap is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355019
        • comment sssd-ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019040
      • AND
        • comment sssd-libwbclient is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355023
        • comment sssd-libwbclient is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152355024
      • AND
        • comment sssd-libwbclient-devel is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355031
        • comment sssd-libwbclient-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152355032
      • AND
        • comment sssd-proxy is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355035
        • comment sssd-proxy is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019018
      • AND
        • comment sssd-tools is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355015
        • comment sssd-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110560010
    rhsa
    id RHSA-2015:2355
    released 2015-06-22
    severity Low
    title RHSA-2015:2355: sssd security, bug fix, and enhancement update (Low)
rpms
  • libipa_hbac-0:1.12.4-47.el6_7.4
  • libipa_hbac-devel-0:1.12.4-47.el6_7.4
  • libipa_hbac-python-0:1.12.4-47.el6_7.4
  • libsss_idmap-0:1.12.4-47.el6_7.4
  • libsss_idmap-devel-0:1.12.4-47.el6_7.4
  • libsss_nss_idmap-0:1.12.4-47.el6_7.4
  • libsss_nss_idmap-devel-0:1.12.4-47.el6_7.4
  • libsss_nss_idmap-python-0:1.12.4-47.el6_7.4
  • libsss_simpleifp-0:1.12.4-47.el6_7.4
  • libsss_simpleifp-devel-0:1.12.4-47.el6_7.4
  • python-sssdconfig-0:1.12.4-47.el6_7.4
  • sssd-0:1.12.4-47.el6_7.4
  • sssd-ad-0:1.12.4-47.el6_7.4
  • sssd-client-0:1.12.4-47.el6_7.4
  • sssd-common-0:1.12.4-47.el6_7.4
  • sssd-common-pac-0:1.12.4-47.el6_7.4
  • sssd-dbus-0:1.12.4-47.el6_7.4
  • sssd-ipa-0:1.12.4-47.el6_7.4
  • sssd-krb5-0:1.12.4-47.el6_7.4
  • sssd-krb5-common-0:1.12.4-47.el6_7.4
  • sssd-ldap-0:1.12.4-47.el6_7.4
  • sssd-proxy-0:1.12.4-47.el6_7.4
  • sssd-tools-0:1.12.4-47.el6_7.4
  • libipa_hbac-0:1.13.0-40.el7
  • libipa_hbac-devel-0:1.13.0-40.el7
  • libsss_idmap-0:1.13.0-40.el7
  • libsss_idmap-devel-0:1.13.0-40.el7
  • libsss_nss_idmap-0:1.13.0-40.el7
  • libsss_nss_idmap-devel-0:1.13.0-40.el7
  • libsss_simpleifp-0:1.13.0-40.el7
  • libsss_simpleifp-devel-0:1.13.0-40.el7
  • python-libipa_hbac-0:1.13.0-40.el7
  • python-libsss_nss_idmap-0:1.13.0-40.el7
  • python-sss-0:1.13.0-40.el7
  • python-sss-murmur-0:1.13.0-40.el7
  • python-sssdconfig-0:1.13.0-40.el7
  • sssd-0:1.13.0-40.el7
  • sssd-ad-0:1.13.0-40.el7
  • sssd-client-0:1.13.0-40.el7
  • sssd-common-0:1.13.0-40.el7
  • sssd-common-pac-0:1.13.0-40.el7
  • sssd-dbus-0:1.13.0-40.el7
  • sssd-ipa-0:1.13.0-40.el7
  • sssd-krb5-0:1.13.0-40.el7
  • sssd-krb5-common-0:1.13.0-40.el7
  • sssd-ldap-0:1.13.0-40.el7
  • sssd-libwbclient-0:1.13.0-40.el7
  • sssd-libwbclient-devel-0:1.13.0-40.el7
  • sssd-proxy-0:1.13.0-40.el7
  • sssd-tools-0:1.13.0-40.el7
refmap via4
bid 77529
confirm
fedora
  • FEDORA-2015-202c127199
  • FEDORA-2015-7b47df69d3
  • FEDORA-2015-cdea5324a8
mlist [sssd-users] 20151021 A security bug in SSSD 1.10 and later (CVE-2015-5292)
sectrack 1034038
Last major update 07-12-2016 - 13:16
Published 29-10-2015 - 12:59