ID de Prueba:	1.3.6.1.4.1.25623.1.0.871849
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for authconfig RHSA-2017:2285-01
Resumen:	The remote host is missing an update for the 'authconfig'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'authconfig' package(s) announced via the referenced advisory. Vulnerability Insight: The authconfig packages contain a command-line utility and a GUI application that can configure a workstation to be a client for certain network user information, authentication schemes, and other user information and authentication-related options. Security Fix(es): * A flaw was found where authconfig could configure sssd in a way that treats existing and non-existing logins differently, leaking information on existence of a user. An attacker with physical or network access to the machine could enumerate users via a timing attack. (CVE-2017-7488) This issue was discovered by Tomas Mraz (Red Hat) and Thorsten Scherf (Red Hat). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. Affected Software/OS: authconfig on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7488 101784 http://www.securityfocus.com/bid/101784 RHSA-2017:2285 https://access.redhat.com/errata/RHSA-2017:2285 https://bugzilla.redhat.com/show_bug.cgi?id=1441604 https://pagure.io/authconfig/c/0972f61ad4b5657ed89cf953e8f58f6513096224?branch=master
Copyright	Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.