oval:org.secpod.oval:def:59555 sssd subpackages are installed
oval:org.secpod.oval:def:704261 sssd is installed
oval:org.secpod.oval:def:2000650 sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
oval:org.secpod.oval:def:201588 The System Security Services Daemon provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provid ...
oval:org.secpod.oval:def:201638 The System Security Services Daemon provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provid ...
oval:org.secpod.oval:def:21526 The host is installed with System Security Services Daemon (SSSD) 1.11.6 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to bypass access restrictions.
oval:org.secpod.oval:def:1600819 Unsanitized input when searching in local cache database. It was found that sssd's sysdb_search_user_by_upn_res function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given us ...
oval:org.secpod.oval:def:89044967 This update for sssd provides the following fixes: Security issues fixed: - CVE-2017-12173: Fixed unsanitized input when searching in local cache database. Non security issues fixed: - Fixed a segfault issue in ldap_rfc_2307_fallback_to_local_users. - Install /var/lib/sss/mc directory to correct s ...
oval:org.secpod.oval:def:1500129 Updated sssd packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avai ...
oval:org.secpod.oval:def:203111 sssd is installed
oval:org.secpod.oval:def:89003364 This update for sssd provides the following fixes: This security issue was fixed: - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users These non-security issues were fixed: - Fix a segmentation fault in sss_cache command. ...
oval:org.secpod.oval:def:204714 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...
oval:org.secpod.oval:def:1601372 The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user.
oval:org.secpod.oval:def:204252 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It was found that SSSD's Privilege Attribute Certificate responder plug-in would leak a small amount of memory on each authentication request. A remote attack ...
oval:org.secpod.oval:def:500080 The System Security Services Daemon provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provid ...
oval:org.secpod.oval:def:500201 The System Security Services Daemon provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provid ...
oval:org.secpod.oval:def:507502 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...
oval:org.secpod.oval:def:1506376 [1.16.5-10.0.3] - Revert Redhat's change of disallowing duplicated incomplete gid when id_provider=ldap is used, which caused regression in AD environment. [Orabug: 29286774] [Doc ID 2605732.1] [1.16.5-10.15] - Resolves: rhbz#2149703 - smartcards: special characters must be escaped when building sea ...
oval:org.secpod.oval:def:503406 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...
oval:org.secpod.oval:def:66489 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...
oval:org.secpod.oval:def:89003030 This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation. Non-security issues fixed: - Missing GPOs directory could have led to login problems - Fix a crash by adding a netgroup counter ...
oval:org.secpod.oval:def:89003435 This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation. Non-security issue fixed: - Create directory to download and cache GPOs
oval:org.secpod.oval:def:89044005 This update for adcli and sssd provides the following improvement: Security vulnerability fixed: - CVE-2019-3811: Fix fallback_homedir returning "/" for empty home directories Other fixes: - Add an option to disable checking for trusted domains in the subdomains provider - Clear pid file in corner ...
oval:org.secpod.oval:def:89003292 This update for sssd fixes the following issues: Security vulnerabilities addressed: - Fix fallback_homedir returning "/" for empty home directories - Create sockets with right permissions Other bug fixes and changes: - Install logrotate configuration - Strip whitespaces in netgroup triples - A ...
oval:org.secpod.oval:def:1601065 A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. A vulnerability was found in sssd where, if a user was configured ...
oval:org.secpod.oval:def:708248 sssd: System Security Services Daemon Details: USN-6156-1 fixed a vulnerability in SSSD. In certain environments, not all packages ended up being upgraded at the same time, resulting in authentication failures when the PAM module was being used. This update fixes the problem. We apologize for the in ...
oval:org.secpod.oval:def:501028 SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides NSS and PAM interfaces toward the system and a pluggable back end system to connect to multiple different account sources. When SSSD was configured as a Microsoft Active Directory clie ...
oval:org.secpod.oval:def:202645 SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides NSS and PAM interfaces toward the system and a pluggable back end system to connect to multiple different account sources. When SSSD was configured as a Microsoft Active Directory clie ...
oval:org.secpod.oval:def:1501258 Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blo ...
oval:org.secpod.oval:def:203768 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...
oval:org.secpod.oval:def:1501218 Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blo ...
oval:org.secpod.oval:def:501696 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms.
oval:org.secpod.oval:def:109599 Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy service ...
oval:org.secpod.oval:def:1600330 It was found that SSSD's Privilege Attribute Certificate responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon applicati ...
oval:org.secpod.oval:def:109625 Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy service ...
oval:org.secpod.oval:def:501676 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...
oval:org.secpod.oval:def:204841 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...
oval:org.secpod.oval:def:89050592 This update for sssd fixes the following issues: Security vulnerability addressed: - CVE-2019-3811: Fix fallback_homedir returning "/" for empty home directories Other bug fixes and changes: - Install logrotate configuration - Align systemd service file with upstream, run interactive and change ser ...
oval:org.secpod.oval:def:89050804 This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation. Non-security issues fixed: - Allow defaults sudoRole without sudoUser attribute - Missing GPOs directory could have led to log ...
oval:org.secpod.oval:def:2000563 improper implementation of GPOs due to too restrictive permissions
oval:org.secpod.oval:def:708235 sssd: System Security Services Daemon SSSD could allow unintended access to network services.
oval:org.secpod.oval:def:89048195 This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover
oval:org.secpod.oval:def:93875 sssd: System Security Services Daemon SSSD could allow unintended access to network services.
oval:org.secpod.oval:def:1701234 A vulnerability was found in SSSD, in the libsss_certmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT authe ...
oval:org.secpod.oval:def:89048188 This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover
oval:org.secpod.oval:def:89047488 - CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; - CVE-2022-0336: Samba AD users with permission to write to an acco ...
oval:org.secpod.oval:def:94985 sssd: System Security Services Daemon Details: USN-6156-1 fixed a vulnerability in SSSD. In certain environments, not all packages ended up being upgraded at the same time, resulting in authentication failures when the PAM module was being used. This update fixes the problem. We apologize for the in ...
oval:org.secpod.oval:def:1500040 Updated sssd packages that fix two security issues, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which give detailed ...
oval:org.secpod.oval:def:501101 SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides NSS and PAM interfaces toward the system and a pluggable back end system to connect to multiple different account sources. A race condition was found in the way SSSD copied and removed ...
oval:org.secpod.oval:def:202616 The System Security Services Daemon provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provid ...
oval:org.secpod.oval:def:500985 The System Security Services Daemon provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provid ...
oval:org.secpod.oval:def:1500277 Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is a ...
oval:org.secpod.oval:def:503262 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...
oval:org.secpod.oval:def:1900028 A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return "/" instead of "". This could impact services that restrict the user's filesystem access to within their home directory through chroot etc. All versions before 2.1 are vulnerable.
oval:org.secpod.oval:def:205300 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...
oval:org.secpod.oval:def:2000960 A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return "/" instead of "". This could impact services that restrict the user's filesystem access to within their home directory through chroot etc. All versions before 2.1 are vulnerable.
oval:org.secpod.oval:def:2001448 The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1 ...
oval:org.secpod.oval:def:1900164 The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1. ...
oval:org.secpod.oval:def:1700110 The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user.
oval:org.secpod.oval:def:89049599 This update for sssd fixes the following security issue: - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users.
oval:org.secpod.oval:def:113552 Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy service ...
oval:org.secpod.oval:def:2001411 It was found that sssd's sysdb_search_user_by_upn_res function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this f ...
oval:org.secpod.oval:def:52088 sssd: System Security Services Daemon -- metapackage SSSD could be made to expose sensitive information.
oval:org.secpod.oval:def:1502079 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:113336 Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy service ...
oval:org.secpod.oval:def:502314 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...
oval:org.secpod.oval:def:704212 sssd: System Security Services Daemon -- metapackage SSSD could be made to expose sensitive information.
oval:org.secpod.oval:def:1502254 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:502204 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...
oval:org.secpod.oval:def:120649 Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services ...
oval:org.secpod.oval:def:506330 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...
oval:org.secpod.oval:def:89047646 This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommand. - Add "ldap_ignore_unreadable_references" parameter to skip unreadable objects referenced by "member" attribute - Fix 32-bit libraries package. ...
oval:org.secpod.oval:def:89047200 This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands. - Add LDAPS support for the AD provider. - Improve logs to record the reason why internal watchdog terminates a process. - Fix watchdog not te ...
oval:org.secpod.oval:def:2500515 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...
oval:org.secpod.oval:def:1505068 [2.4.0-9.0.1] - Restore default debug level for sss_cache [Orabug: 32810448] - Restore default debug level for shadow-utils tools [Orabug: 32810448] - Revert Redhat's change of disallowing duplicated incomplete gid when id_provider=ldap is used, which caused regression in AD environment. [Orabug: 29 ...
oval:org.secpod.oval:def:1700722 A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat ...
oval:org.secpod.oval:def:89045572 This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands.
oval:org.secpod.oval:def:3301297 SUSE Security Update: Security update for sssd
oval:org.secpod.oval:def:4500050 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...
oval:org.secpod.oval:def:205889 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...
oval:org.secpod.oval:def:75919 sssd: System Security Services Daemon Several security issues were fixed in sssd.
oval:org.secpod.oval:def:75915 sssd: System Security Services Daemon Several security issues were fixed in sssd.