Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2016-635)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120625

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2016-635)

Resumen: The remote host is missing an update for the 'sssd' package(s) announced via the ALAS-2016-635 advisory.

Descripción: Summary:
The remote host is missing an update for the 'sssd' package(s) announced via the ALAS-2016-635 advisory.

Vulnerability Insight:
It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in.

Affected Software/OS:
'sssd' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-5292
1034038
http://www.securitytracker.com/id/1034038
77529
http://www.securityfocus.com/bid/77529
FEDORA-2015-202c127199
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html
FEDORA-2015-7b47df69d3
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html
FEDORA-2015-cdea5324a8
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.html
RHSA-2015:2019
http://rhn.redhat.com/errata/RHSA-2015-2019.html
RHSA-2015:2355
http://rhn.redhat.com/errata/RHSA-2015-2355.html
[sssd-users] 20151021 A security bug in SSSD 1.10 and later (CVE-2015-5292)
http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1267580
https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch
https://fedorahosted.org/sssd/ticket/2803
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120625
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2016-635)
Resumen:	The remote host is missing an update for the 'sssd' package(s) announced via the ALAS-2016-635 advisory.
Descripción:	Summary: The remote host is missing an update for the 'sssd' package(s) announced via the ALAS-2016-635 advisory. Vulnerability Insight: It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. Affected Software/OS: 'sssd' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5292 1034038 http://www.securitytracker.com/id/1034038 77529 http://www.securityfocus.com/bid/77529 FEDORA-2015-202c127199 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html FEDORA-2015-7b47df69d3 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html FEDORA-2015-cdea5324a8 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.html RHSA-2015:2019 http://rhn.redhat.com/errata/RHSA-2015-2019.html RHSA-2015:2355 http://rhn.redhat.com/errata/RHSA-2015-2355.html [sssd-users] 20151021 A security bug in SSSD 1.10 and later (CVE-2015-5292) http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1267580 https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch https://fedorahosted.org/sssd/ticket/2803 https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
Copyright	Copyright (C) 2016 Greenbone AG