openSUSE-SU-2019:1576

openSUSE-SU-2019:1589

RHSA-2019:2177

RHSA-2019:2437

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has sssd packages installed that are affected by multiple vulnerabilities:

  - A vulnerability was found in sssd. If a user was     configured with no home directory set, sssd would return     '/' (the root directory) instead of '' (the empty string     / no home directory). This could impact services that     restrict the user's filesystem access to within their     home directory through chroot() etc. All versions before     2.1 are vulnerable. (CVE-2019-3811)

  - A flaw was found in sssd Group Policy Objects     implementation. When the GPO is not readable by SSSD due     to a too strict permission settings on the server side,     SSSD will allow all authenticated users to login instead     of denying access. (CVE-2018-16838)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the version of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - A flaw was found in sssd Group Policy Objects     implementation. When the GPO is not readable by SSSD     due to a too strict permission settings on the server     side, SSSD will allow all authenticated users to login     instead of denying access.(CVE-2018-16838)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update for sssd is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

The following packages have been upgraded to a later upstream version:
sssd (2.2.0). (BZ#1687281)

Security Fix(es) :

* sssd: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.(CVE-2018-16838)

A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot().(CVE-2019-3811)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sssd packages installed that are affected by multiple vulnerabilities:

  - A vulnerability was found in sssd. If a user was     configured with no home directory set, sssd would return     '/' (the root directory) instead of '' (the empty string     / no home directory). This could impact services that     restrict the user's filesystem access to within their     home directory through chroot() etc. All versions before     2.1 are vulnerable. (CVE-2019-3811)

  - A flaw was found in sssd Group Policy Objects     implementation. When the GPO is not readable by SSSD due     to a too strict permission settings on the server side,     SSSD will allow all authenticated users to login instead     of denying access. (CVE-2018-16838)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update for sssd is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

The following packages have been upgraded to a later upstream version:
sssd (1.16.4). (BZ#1658994)

Security Fix(es) :

* sssd: fallback_homedir returns '/' for empty home directories in passwd file (CVE-2019-3811)

* sssd: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

The following packages have been upgraded to a later upstream version:
sssd (1.16.4).

Security Fix(es) :

  - sssd: fallback_homedir returns '/' for empty home     directories in passwd file (CVE-2019-3811)

  - sssd: improper implementation of GPOs due to too     restrictive permissions (CVE-2018-16838)

An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor.
Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

The following packages have been upgraded to a later upstream version:
imgbased (1.1.9), ovirt-node-ng (4.3.5), redhat-release-virtualization-host (4.3.5), redhat-virtualization-host (4.3.5). (BZ#1669357, BZ#1669365, BZ#1684986, BZ# 1711193, BZ#1717250, BZ#1726917)

Security Fix(es) :

* python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160)

* rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)

* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)

* openssl: 0-byte record padding oracle (CVE-2019-1559)

* cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment (CVE-2019-10139)

* sssd: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This update for sssd fixes the following issues :

Security issue fixed :

  - CVE-2018-16838: Fixed an authentication bypass related     to the Group Policy Objects implementation     (bsc#1124194). 

Non-security issues fixed :

  - Allow defaults sudoRole without sudoUser attribute     (bsc#1135247)

  - Missing GPOs directory could have led to login problems     (bsc#1132879)

  - Fix a crash by adding a netgroup counter to struct     nss_enum_index (bsc#1132657)

This update was imported from the SUSE:SLE-15:Update update project.

This update for sssd fixes the following issues :

Security issue fixed :

  - CVE-2018-16838: Fixed an authentication bypass related     to the Group Policy Objects implementation     (bsc#1124194).

Non-security issue fixed :

  - Create directory to download and cache GPOs     (bsc#1132879)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for sssd fixes the following issues :

Security issue fixed :

CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194)

Non-security issues fixed: Missing GPOs directory could have led to login problems (bsc#1132879)

Fix a crash by adding a netgroup counter to struct nss_enum_index (bsc#1132657)

Allow defaults sudoRole without sudoUser attribute (bsc#1135247)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for sssd fixes the following issues :

Security issue fixed :

CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194).

Non-security issue fixed: Create directory to download and cache GPOs (bsc#1132879)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for sssd fixes the following issues :

Security issue fixed :

CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194).

Non-security issues fixed: Allow defaults sudoRole without sudoUser attribute (bsc#1135247)

Missing GPOs directory could have led to login problems (bsc#1132879)

Fix a crash by adding a netgroup counter to struct nss_enum_index (bsc#1132657)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
132447	NewStart CGSL CORE 5.05 / MAIN 5.05 : sssd Multiple Vulnerabilities (NS-SA-2019-0241)	Nessus	NewStart CGSL Local Security Checks	medium
132202	EulerOS 2.0 SP3 : sssd (EulerOS-SA-2019-2667)	Nessus	Huawei Local Security Checks	medium
131670	EulerOS 2.0 SP2 : sssd (EulerOS-SA-2019-2517)	Nessus	Huawei Local Security Checks	medium
130652	EulerOS 2.0 SP5 : sssd (EulerOS-SA-2019-2190)	Nessus	Huawei Local Security Checks	medium
130562	RHEL 8 : sssd (RHSA-2019:3651)	Nessus	Red Hat Local Security Checks	medium
130402	Amazon Linux 2 : sssd (ALAS-2019-1343)	Nessus	Amazon Linux Local Security Checks	medium
129890	NewStart CGSL CORE 5.04 / MAIN 5.04 : sssd Multiple Vulnerabilities (NS-SA-2019-0195)	Nessus	NewStart CGSL Local Security Checks	medium
129797	Amazon Linux AMI : sssd (ALAS-2019-1307)	Nessus	Amazon Linux Local Security Checks	medium
128370	CentOS 7 : sssd (CESA-2019:2177)	Nessus	CentOS Local Security Checks	medium
128264	Scientific Linux Security Update : sssd on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	medium
127986	RHEL 7 : Virtualization Manager (RHSA-2019:2437)	Nessus	Red Hat Local Security Checks	medium
127691	RHEL 7 : sssd (RHSA-2019:2177)	Nessus	Red Hat Local Security Checks	medium
126060	openSUSE Security Update : sssd (openSUSE-2019-1589)	Nessus	SuSE Local Security Checks	medium
126037	openSUSE Security Update : sssd (openSUSE-2019-1576)	Nessus	SuSE Local Security Checks	medium
125876	SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2019:1480-1)	Nessus	SuSE Local Security Checks	medium
125875	SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2019:1477-1)	Nessus	SuSE Local Security Checks	medium
125874	SUSE SLED15 / SLES15 Security Update : sssd (SUSE-SU-2019:1476-1)	Nessus	SuSE Local Security Checks	medium

CVE-2018-16838

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins