ELSA-2013-0663 -- Oracle sssd and libsss_autofs

ID: oval:org.secpod.oval:def:1500129
Date: (C)2013-03-21   (M)2022-10-10
Class: PATCH
Family: unix




Updated sssd packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section.

SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides NSS and PAM interfaces toward the system and a pluggable back end system to connect to multiple different account sources.

When SSSD was configured as a Microsoft Active Directory client by using the new Active Directory provider, the Simple Access Provider did not handle access control correctly. If any groups were specified with the "simple_deny_groups" option, all users were permitted access.

The CVE-2013-0287 issue was discovered by Kaushik Banerjee of Red Hat.

This update also fixes the following bugs:

* If a group contained a member whose Distinguished Name pointed out of any of the configured search bases, the search request that was processing this particular group never ran to completion. To the user, this bug manifested as a long timeout between requesting the group data and receiving the result. A patch has been provided to address this bug and SSSD now processes group search requests without delays.

* The pwd_expiration_warning should have been set for seven days, but instead it was set to zero for Kerberos. This incorrect zero setting returned the "always display warning if the server sends one" error message and users experienced problems in environments like IPA or Active Directory. Currently, the value setting for Kerberos is modified and this issue no longer occurs.

All users of sssd are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
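An added example, not part of the advisory or of SSSD: a configuration audit that lists the sssd.conf domains matching the CVE-2013-0287 preconditions, so the hosts relying on a deny list can be patched first. It assumes the Active Directory provider is selected with "id_provider = ad" and the Simple Access Provider with "access_provider = simple" (option names from the sssd.conf documentation, not from this page); the sample configuration is constructed.

```python
import configparser

# Constructed sample sssd.conf for illustration (not taken from the advisory).
SAMPLE_CONF = """
[sssd]
domains = ad.example.com, ldap.example.com, ad2.example.com
services = nss, pam

[domain/ad.example.com]
id_provider = ad
access_provider = simple
simple_deny_groups = contractors, interns

[domain/ldap.example.com]
id_provider = ldap
access_provider = simple
simple_deny_groups = contractors

[domain/ad2.example.com]
id_provider = ad
access_provider = simple
simple_allow_users = alice
"""


def exposed_domains(conf_text):
    """Return {domain: [denied groups]} for domains that combine the AD
    provider, the Simple Access Provider and a non-empty simple_deny_groups."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    hits = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue  # only [domain/NAME] sections carry provider settings
        opts = cp[section]
        raw = opts.get("simple_deny_groups", "")
        groups = [g.strip() for g in raw.split(",") if g.strip()]
        uses_ad = opts.get("id_provider", "").strip().lower() == "ad"
        uses_simple = opts.get("access_provider", "").strip().lower() == "simple"
        if uses_ad and uses_simple and groups:
            hits[section[len("domain/"):]] = groups
    return hits


if __name__ == "__main__":
    for domain, groups in exposed_domains(SAMPLE_CONF).items():
        print(f"{domain}: deny list {groups} is not enforced until sssd is updated")
```

On a real host, pass the contents of the SSSD configuration file to exposed_domains(); an empty result means no domain depends on the affected combination.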

Platform:
Oracle Linux 6
Product:
sssd
libsss_autofs
Reference:
ELSA-2013-0663
CVE-2013-0287
CVE    1
CVE-2013-0287
CPE    3
cpe:/a:sssd:libsss_autofs
cpe:/a:sssd:sssd
cpe:/o:oracle:linux:6

© SecPod Technologies