English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871488
Category:Red Hat Local Security Checks
Title:RedHat Update for sssd RHSA-2015:2355-01
Summary:The remote host is missing an update for the 'sssd'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'sssd'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The System Security Services Daemon (SSSD)
service provides a set of daemons to manage access to remote directories and
authentication mechanisms.

It was found that SSSD's Privilege Attribute Certificate (PAC) responder
plug-in would leak a small amount of memory on each authentication request.
A remote attacker could potentially use this flaw to exhaust all available
memory on the system by making repeated requests to a Kerberized daemon
application configured to authenticate using the PAC responder plug-in.
(CVE-2015-5292)

The sssd packages have been upgraded to upstream version 1.13.0, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1205554)

Several enhancements are described in the Red Hat Enterprise Linux 7.2
Release Notes, linked to in the References section:

* SSSD smart card support (BZ#854396)

* Cache authentication in SSSD (BZ#910187)

* SSSD supports overriding automatically discovered AD site (BZ#1163806)

* SSSD can now deny SSH access to locked accounts (BZ#1175760)

* SSSD enables UID and GID mapping on individual clients (BZ#1183747)

* Background refresh of cached entries (BZ#1199533)

* Multi-step prompting for one-time and long-term passwords (BZ#1200873)

* Caching for initgroups operations (BZ#1206575)

Bugs fixed:

* When the SELinux user content on an IdM server was set to an empty
string, the SSSD SELinux evaluation utility returned an error. (BZ#1192314)

* If the ldap_child process failed to initialize credentials and exited
with an error multiple times, operations that create files in some cases
started failing due to an insufficient amount of i-nodes. (BZ#1198477)

* The SRV queries used a hard coded TTL timeout, and environments that
wanted the SRV queries to be valid for a certain time only were blocked.
Now, SSSD parses the TTL value out of the DNS packet. (BZ#1199541)

* Previously, initgroups operation took an excessive amount of time. Now,
logins and ID processing are faster for setups with AD back end and
disabled ID mapping. (BZ#1201840)

* When an IdM client with Red Hat Enterprise Linux 7.1 or later was
connecting to a server with Red Hat Enterprise Linux 7.0 or earlier,
authentication with an AD trusted domain caused the sssd_be process to
terminate unexpectedly. (BZ#1202170)

* If replication conflict entries appeared during HBAC processing, the user
was denied access. Now, the replication conflict entries are skipped and
users are permitted access. (BZ#1202245)

* The array of SIDs no longer contains an uninitialized value and SSSD no
longer crashes. (BZ#1204203)

* SSSD supports GPOs from diffe ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
sssd on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-5292
1034038
http://www.securitytracker.com/id/1034038
77529
http://www.securityfocus.com/bid/77529
FEDORA-2015-202c127199
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html
FEDORA-2015-7b47df69d3
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html
FEDORA-2015-cdea5324a8
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.html
RHSA-2015:2019
http://rhn.redhat.com/errata/RHSA-2015-2019.html
RHSA-2015:2355
http://rhn.redhat.com/errata/RHSA-2015-2355.html
[sssd-users] 20151021 A security bug in SSSD 1.10 and later (CVE-2015-5292)
http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1267580
https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch
https://fedorahosted.org/sssd/ticket/2803
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
CopyrightCopyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.