Test ID:	1.3.6.1.4.1.25623.1.0.881693
Category:	CentOS Local Security Checks
Title:	CentOS Update for libipa_hbac CESA-2013:0663 centos6
Summary:	The remote host is missing an update for the 'libipa_hbac'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'libipa_hbac' package(s) announced via the referenced advisory. Vulnerability Insight: SSSD (System Security Services Daemon) provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides NSS (Name Service Switch) and PAM (Pluggable Authentication Modules) interfaces toward the system and a pluggable back end system to connect to multiple different account sources. When SSSD was configured as a Microsoft Active Directory client by using the new Active Directory provider (introduced in RHSA-2013:0508), the Simple Access Provider ('access_provider = simple in /etc/sssd/sssd.conf') did not handle access control correctly. If any groups were specified with the simple_deny_groups option (in sssd.conf), all users were permitted access. (CVE-2013-0287) The CVE-2013-0287 issue was discovered by Kaushik Banerjee of Red Hat. This update also fixes the following bugs: * If a group contained a member whose Distinguished Name (DN) pointed out of any of the configured search bases, the search request that was processing this particular group never ran to completion. To the user, this bug manifested as a long timeout between requesting the group data and receiving the result. A patch has been provided to address this bug and SSSD now processes group search requests without delays. (BZ#907362) * The pwd_expiration_warning should have been set for seven days, but instead it was set to zero for Kerberos. This incorrect zero setting returned the 'always display warning if the server sends one' error message and users experienced problems in environments like IPA or Active Directory. Currently, the value setting for Kerberos is modified and this issue no longer occurs. (BZ#914671) All users of sssd are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Affected Software/OS: libipa_hbac on CentOS 6 Solution: Please install the updated packages. CVSS Score: 4.9 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0287 1028317 http://securitytracker.com/id?1028317 52704 http://secunia.com/advisories/52704 52722 http://secunia.com/advisories/52722 58593 http://www.securityfocus.com/bid/58593 RHSA-2013:0663 http://rhn.redhat.com/errata/RHSA-2013-0663.html [sssd-devel] 20130319 [SSSD] A security bug in SSSD 1.9 (CVE-2013-0287) https://lists.fedorahosted.org/pipermail/sssd-devel/2013-March/014066.html http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46a4bd3b221edb http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48c5cb43aa04c4 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67d7f3cc6b48ef http://git.fedorahosted.org/cgit/sssd.git/patch/?id=754b09b5444e6da88ed58d6deaed8b815e268b6b http://git.fedorahosted.org/cgit/sssd.git/patch/?id=7619be9f6bf649665fcbeee9e6b120f9f9cba2a5 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=8b8019fe3dd1564fba657e219ec20ff816c7ffdb http://git.fedorahosted.org/cgit/sssd.git/patch/?id=b63830b142053f99bfe954d4be5a2b0f68ce3a93 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=c0bca1722d6f9dfb654ad78397be70f79ff39af1 openSUSE-SU-2013:0559 http://lists.opensuse.org/opensuse-updates/2013-03/msg00115.html
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.