Test ID:	1.3.6.1.4.1.25623.1.0.881679
Category:	CentOS Local Security Checks
Title:	CentOS Update for libipa_hbac CESA-2013:0508 centos6
Summary:	The remote host is missing an update for the 'libipa_hbac'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'libipa_hbac' package(s) announced via the referenced advisory. Vulnerability Insight: The System Security Services Daemon (SSSD) provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects such as FreeIPA. A race condition was found in the way SSSD copied and removed user home directories. A local attacker who is able to write into the home directory of a different user who is being removed could use this flaw to perform symbolic link attacks, possibly allowing them to modify and delete arbitrary files with the privileges of the root user. (CVE-2013-0219) Multiple out-of-bounds memory read flaws were found in the way the autofs and SSH service responders parsed certain SSSD packets. An attacker could spend a specially-crafted packet that, when processed by the autofs or SSH service responders, would cause SSSD to crash. This issue only caused a temporary denial of service, as SSSD was automatically restarted by the monitor process after the crash. (CVE-2013-0220) The CVE-2013-0219 and CVE-2013-0220 issues were discovered by Florian Weimer of the Red Hat Product Security Team. These updated sssd packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes. All SSSD users are advised to upgrade to these updated packages, which upgrade SSSD to upstream version 1.9 to correct these issues, fix these bugs and add these enhancements. Affected Software/OS: libipa_hbac on CentOS 6 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0219 51928 http://secunia.com/advisories/51928 52315 http://secunia.com/advisories/52315 57539 http://www.securityfocus.com/bid/57539 FEDORA-2013-1795 http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html FEDORA-2013-1826 http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html RHSA-2013:0508 http://rhn.redhat.com/errata/RHSA-2013-0508.html RHSA-2013:1319 http://rhn.redhat.com/errata/RHSA-2013-1319.html http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37 https://bugzilla.redhat.com/show_bug.cgi?id=884254 https://fedorahosted.org/sssd/ticket/1782 https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4 Common Vulnerability Exposure (CVE) ID: CVE-2013-0220 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab https://bugzilla.redhat.com/show_bug.cgi?id=884601 https://fedorahosted.org/sssd/ticket/1781
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.