Test ID:	1.3.6.1.4.1.25623.1.0.871849
Category:	Red Hat Local Security Checks
Title:	RedHat Update for authconfig RHSA-2017:2285-01
Summary:	The remote host is missing an update for the 'authconfig'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'authconfig' package(s) announced via the referenced advisory. Vulnerability Insight: The authconfig packages contain a command-line utility and a GUI application that can configure a workstation to be a client for certain network user information, authentication schemes, and other user information and authentication-related options. Security Fix(es): * A flaw was found where authconfig could configure sssd in a way that treats existing and non-existing logins differently, leaking information on existence of a user. An attacker with physical or network access to the machine could enumerate users via a timing attack. (CVE-2017-7488) This issue was discovered by Tomas Mraz (Red Hat) and Thorsten Scherf (Red Hat). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. Affected Software/OS: authconfig on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7488 101784 http://www.securityfocus.com/bid/101784 RHSA-2017:2285 https://access.redhat.com/errata/RHSA-2017:2285 https://bugzilla.redhat.com/show_bug.cgi?id=1441604 https://pagure.io/authconfig/c/0972f61ad4b5657ed89cf953e8f58f6513096224?branch=master
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.