CentOS 7 : sssd (CESA-2017:3379)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote CentOS host is missing one or more security updates.

Description :

An update for sssd is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The System Security Services Daemon (SSSD) service provides a set of
daemons to manage access to remote directories and authentication
mechanisms. It also provides the Name Service Switch (NSS) and the
Pluggable Authentication Modules (PAM) interfaces toward the system,
and a pluggable back-end system to connect to multiple different
account sources.

Security Fix(es) :

* It was found that sssd's sysdb_search_user_by_upn_res() function did
not sanitize requests when querying its local cache and was vulnerable
to injection. In a centralized login environment, if a password hash
was locally cached for a given user, an authenticated attacker could
use this flaw to retrieve it. (CVE-2017-12173)

This issue was discovered by Sumit Bose (Red Hat).

Bug Fix(es) :

* Previously, SSSD's krb5 provider did not respect changed UIDs in ID
views overriding the default view. Consequently, Kerberos credential
caches were created with the incorrect, original UID, and processes of
the user were not able to find the changed UID. With this update,
SSSD's krb5 provider is made aware of the proper ID view name and
respects the ID override data. As a result, the Kerberos credential
cache is now created with the expected UID, and the processes can find
it. (BZ#1508972)

* Previously, the list of cache request domains was sometimes freed in
the middle of a cache request operation due to the refresh domains
request, as they both were using the same list. As a consequence, a
segmentation fault sometimes occurred in SSSD. With this update, SSSD
uses a copy of the cache request domains' list for each cache request.
As a result, SSSD no longer crashes in this case. (BZ#1509177)

* Previously, the calls provided by SSSD to send data to the Privilege
Attribute Certificate (PAC) responder did not use a mutex or any other
means to serialize access to the PAC responder from a single process.
When multithreaded applications overran the PAC responder with
multiple parallel requests, some threads did not receive a proper
reply. Consequently, such threads only resumed work after waiting 5
minutes for a response. This update configures mutex to serialize
access to the PAC responder socket for multithreaded applications. As
a result, all threads now get a proper and timely reply. (BZ#1506682)

See also :

http://www.nessus.org/u?01743f65

Solution :

Update the affected sssd packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 2.0
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: CentOS Local Security Checks

Nessus Plugin ID: 105059 ()

Bugtraq ID:

CVE ID: CVE-2017-12173

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now