Detections
Analytics

MiracleLinux 7 : sssd-1.13.0-40.el7 (AXSA:2015-829:03)

medium Nessus Plugin ID 289370

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-829:03 advisory.

 Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA.
 The sssd subpackage is a meta-package that contains the deamon as well as all the existing back ends.
 Security issues fixed with this release:
 CVE-2015-5292 Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.
 Enhancements:
 * SSSD smart card support Fixed bugs:
 * When the SELinux user content on an IdM server was set to an empty string, the SSSD SELinux evaluation utility returned an error.
 * If the ldap_child process failed to initialize credentials and exited with an error multiple times, operations that create files in some cases started failing due to an insufficient amount of i-nodes.
 * The SRV queries used a hard coded TTL timeout, and environments that wanted the SRV queries to be valid for a certain time only were blocked. Now, SSSD parses the TTL value out of the DNS packet.
 * Previously, initgroups operation took an excessive amount of time. Now, logins and ID processing are faster for setups with AD back end and disabled ID mapping.
 * When an IdM client with Red Hat Enterprise Linux 7.1 or later was connecting to a server with Red Hat Enterprise Linux 7.0 or earlier, authentication with an AD trusted domain caused the sssd_be process to terminate unexpectedly.
 * If replication conflict entries appeared during HBAC processing, the user was denied access. Now, the replication conflict entries are skipped and users are permitted access.
 * The array of SIDs no longer contains an uninitialized value and SSSD no longer crashes.
 * SSSD supports GPOs from different domain controllers and no longer crashes when processing GPOs from different domain controllers.
 * SSSD could not refresh sudo rules that contained groups with special characters, such as parentheses, in their name.
 * The IPA names are not qualified on the client side if the server already qualified them, and IdM group members resolve even if default_domain_suffix is used on the server side.
 * The internal cache cleanup task has been disabled by default to improve performance of the sssd_be process.
 * Now, default_domain_suffix is not considered anymore for autofs maps.
 * The user can set subdomain_inherit=ignore_group-members to disable fetching group members for trusted domains.
 * The group resolution failed with an error message: Error: 14 (Bad address). The binary GUID handling has been fixed.
 Enhancements:
 * The description of default_domain_suffix has been improved in the manual pages.
 * With the new %0 template option, users on SSSD IdM clients can now use home directories set on AD.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/6216

Plugin Details

Severity: Medium

ID: 289370

File Name: miracle_linux_AXSA-2015-829.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Low

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2015-5292

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:sssd-common, p-cpe:/a:miracle:linux:python-libipa_hbac, p-cpe:/a:miracle:linux:sssd-ipa, p-cpe:/a:miracle:linux:sssd-ad, p-cpe:/a:miracle:linux:sssd, p-cpe:/a:miracle:linux:sssd-tools, p-cpe:/a:miracle:linux:sssd-client, p-cpe:/a:miracle:linux:libipa_hbac, p-cpe:/a:miracle:linux:sssd-krb5, p-cpe:/a:miracle:linux:libsss_simpleifp, p-cpe:/a:miracle:linux:python-sss-murmur, p-cpe:/a:miracle:linux:sssd-ldap, p-cpe:/a:miracle:linux:sssd-krb5-common, p-cpe:/a:miracle:linux:libsss_nss_idmap, cpe:/o:miracle:linux:7, p-cpe:/a:miracle:linux:sssd-libwbclient, p-cpe:/a:miracle:linux:sssd-common-pac, p-cpe:/a:miracle:linux:python-libsss_nss_idmap, p-cpe:/a:miracle:linux:python-sss, p-cpe:/a:miracle:linux:libsss_idmap, p-cpe:/a:miracle:linux:sssd-dbus, p-cpe:/a:miracle:linux:sssd-proxy, p-cpe:/a:miracle:linux:python-sssdconfig

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/29/2015

Vulnerability Publication Date: 10/7/2015

Reference Information

CVE: CVE-2015-5292