This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote Oracle Linux host is missing one or more security updates.
From Red Hat Security Advisory 2017:2285 :
An update for authconfig is now available for Red Hat Enterprise Linux
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The authconfig packages contain a command-line utility and a GUI
application that can configure a workstation to be a client for
certain network user information, authentication schemes, and other
user information and authentication-related options.
Security Fix(es) :
* A flaw was found where authconfig could configure sssd in a way that
treats existing and non-existing logins differently, leaking
information on existence of a user. An attacker with physical or
network access to the machine could enumerate users via a timing
This issue was discovered by Tomas Mraz (Red Hat) and Thorsten Scherf
Additional Changes :
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.4 Release Notes linked from the References section.
See also :
Update the affected authconfig packages.
Risk factor :
Medium / CVSS Base Score : 4.0
CVSS Temporal Score : 3.3
Public Exploit Available : true