CentOS Local Security Checks : CentOS Update for sssd CESA-2011:0975 centos5 i386

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.880983

Categoría: CentOS Local Security Checks

Título: CentOS Update for sssd CESA-2011:0975 centos5 i386

Resumen: The remote host is missing an update for the 'sssd'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'sssd'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The System Security Services Daemon (SSSD) provides a set of daemons to
manage access to remote directories and authentication mechanisms. It
provides an NSS and PAM interface toward the system and a pluggable
back-end system to connect to multiple different account sources. It is
also the basis to provide client auditing and policy services for projects
such as FreeIPA.

A flaw was found in the SSSD PAM responder that could allow a local
attacker to force SSSD to enter an infinite loop via a carefully-crafted
packet. With SSSD unresponsive, legitimate users could be denied the
ability to log in to the system. (CVE-2010-4341)

Red Hat would like to thank Sebastian Krahmer for reporting this issue.

These updated sssd packages include a number of bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Refer to
the linked Red Hat Enterprise Linux 5.7 Technical Notes for information about
these changes.

All sssd users are advised to upgrade to these updated sssd packages, which
upgrade SSSD to upstream version 1.5.1 to correct this issue, and fix the
bugs and add the enhancements noted in the Technical Notes.

Affected Software/OS:
sssd on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4341
BugTraq ID: 45961
http://www.securityfocus.com/bid/45961
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html
http://www.redhat.com/support/errata/RHSA-2011-0560.html
http://www.redhat.com/support/errata/RHSA-2011-0975.html
http://secunia.com/advisories/43053
http://secunia.com/advisories/43055
http://secunia.com/advisories/43068
SuSE Security Announcement: SUSE-SR:2011:002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.vupen.com/english/advisories/2011/0197
http://www.vupen.com/english/advisories/2011/0212
XForce ISS Database: sssd-pamparseindatav2-dos(64881)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64881

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.880983
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for sssd CESA-2011:0975 centos5 i386
Resumen:	The remote host is missing an update for the 'sssd'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'sssd' package(s) announced via the referenced advisory. Vulnerability Insight: The System Security Services Daemon (SSSD) provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects such as FreeIPA. A flaw was found in the SSSD PAM responder that could allow a local attacker to force SSSD to enter an infinite loop via a carefully-crafted packet. With SSSD unresponsive, legitimate users could be denied the ability to log in to the system. (CVE-2010-4341) Red Hat would like to thank Sebastian Krahmer for reporting this issue. These updated sssd packages include a number of bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Refer to the linked Red Hat Enterprise Linux 5.7 Technical Notes for information about these changes. All sssd users are advised to upgrade to these updated sssd packages, which upgrade SSSD to upstream version 1.5.1 to correct this issue, and fix the bugs and add the enhancements noted in the Technical Notes. Affected Software/OS: sssd on CentOS 5 Solution: Please install the updated packages. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4341 BugTraq ID: 45961 http://www.securityfocus.com/bid/45961 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html http://www.redhat.com/support/errata/RHSA-2011-0560.html http://www.redhat.com/support/errata/RHSA-2011-0975.html http://secunia.com/advisories/43053 http://secunia.com/advisories/43055 http://secunia.com/advisories/43068 SuSE Security Announcement: SUSE-SR:2011:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://www.vupen.com/english/advisories/2011/0197 http://www.vupen.com/english/advisories/2011/0212 XForce ISS Database: sssd-pamparseindatav2-dos(64881) https://exchange.xforce.ibmcloud.com/vulnerabilities/64881
Copyright	Copyright (C) 2011 Greenbone AG