Vulnerabilities > CVE-2015-5292 - Resource Management Errors vulnerability in Fedoraproject Sssd
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-2019.NASL description From Red Hat Security Advisory 2015:2019 : Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. It was found that SSSD last seen 2020-06-01 modified 2020-06-02 plugin id 86843 published 2015-11-11 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86843 title Oracle Linux 6 : sssd (ELSA-2015-2019) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:2019 and # Oracle Linux Security Advisory ELSA-2015-2019 respectively. # include("compat.inc"); if (description) { script_id(86843); script_version("2.7"); script_cvs_date("Date: 2019/09/27 13:00:36"); script_cve_id("CVE-2015-5292"); script_xref(name:"RHSA", value:"2015:2019"); script_name(english:"Oracle Linux 6 : sssd (ELSA-2015-2019)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2015:2019 : Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. (CVE-2015-5292) This update also fixes the following bugs : * Previously, SSSD did not correctly handle sudo rules that applied to groups with names containing special characters, such as the '(' opening parenthesis sign. Consequently, SSSD skipped such sudo rules. The internal sysdb search has been modified to escape special characters when searching for objects to which sudo rules apply. As a result, SSSD applies the described sudo rules as expected. (BZ#1258398) * Prior to this update, SSSD did not correctly handle group names containing special Lightweight Directory Access Protocol (LDAP) characters, such as the '(' or ')' parenthesis signs. When a group name contained one or more such characters, the internal cache cleanup operation failed with an I/O error. With this update, LDAP special characters in the Distinguished Name (DN) of a cache entry are escaped before the cleanup operation starts. As a result, the cleanup operation completes successfully in the described situation. (BZ#1264098) * Applications performing Kerberos authentication previously increased the memory footprint of the Kerberos plug-in that parses the Privilege Attribute Certificate (PAC) information. The plug-in has been updated to free the memory it allocates, thus fixing this bug. (BZ#1268783) * Previously, when malformed POSIX attributes were defined in an Active Directory (AD) LDAP server, SSSD unexpectedly switched to offline mode. This update relaxes certain checks for AD POSIX attribute validity. As a result, SSSD now works as expected even when malformed POSIX attributes are present in AD and no longer enters offline mode in the described situation. (BZ#1268784) All sssd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the sssd service will be restarted automatically. Additionally, all running applications using the PAC responder plug-in must be restarted for the changes to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2015-November/005530.html" ); script_set_attribute(attribute:"solution", value:"Update the affected sssd packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bsss_idmap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libipa_hbac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libipa_hbac-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libipa_hbac-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsss_idmap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsss_nss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsss_nss_idmap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsss_nss_idmap-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsss_simpleifp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsss_simpleifp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-sssdconfig"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-ad"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-common-pac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-dbus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-ipa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-krb5-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-proxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/29"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", cpu:"x86_64", reference:"bsss_idmap-devel-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"libipa_hbac-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"libipa_hbac-devel-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"libipa_hbac-python-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"libsss_idmap-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"libsss_idmap-devel-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"libsss_nss_idmap-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"libsss_nss_idmap-devel-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"libsss_nss_idmap-python-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"libsss_simpleifp-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"libsss_simpleifp-devel-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"python-sssdconfig-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"sssd-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"sssd-ad-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"sssd-client-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"sssd-common-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"sssd-common-pac-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"sssd-dbus-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"sssd-ipa-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"sssd-krb5-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"sssd-krb5-common-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"sssd-ldap-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"sssd-proxy-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"EL6", reference:"sssd-tools-1.12.4-47.el6_7.4")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bsss_idmap-devel / libipa_hbac / libipa_hbac-devel / etc"); }
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2016-635.NASL description It was found that SSSD last seen 2020-06-01 modified 2020-06-02 plugin id 87969 published 2016-01-19 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87969 title Amazon Linux AMI : sssd (ALAS-2016-635) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2016-635. # include("compat.inc"); if (description) { script_id(87969); script_version("2.2"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2015-5292"); script_xref(name:"ALAS", value:"2016-635"); script_name(english:"Amazon Linux AMI : sssd (ALAS-2016-635)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in." ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2016-635.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update sssd' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libipa_hbac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libipa_hbac-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libsss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libsss_idmap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libsss_nss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libsss_nss_idmap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libsss_simpleifp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libsss_simpleifp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27-libipa_hbac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27-libsss_nss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27-sss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27-sss-murmur"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27-sssdconfig"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sssd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sssd-ad"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sssd-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sssd-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sssd-common-pac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sssd-dbus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sssd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sssd-ipa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sssd-krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sssd-krb5-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sssd-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sssd-libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sssd-libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sssd-proxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sssd-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"libipa_hbac-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libipa_hbac-devel-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libsss_idmap-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libsss_idmap-devel-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libsss_nss_idmap-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libsss_nss_idmap-devel-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libsss_simpleifp-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libsss_simpleifp-devel-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"python27-libipa_hbac-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"python27-libsss_nss_idmap-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"python27-sss-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"python27-sss-murmur-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"python27-sssdconfig-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"sssd-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"sssd-ad-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"sssd-client-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"sssd-common-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"sssd-common-pac-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"sssd-dbus-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"sssd-debuginfo-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"sssd-ipa-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"sssd-krb5-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"sssd-krb5-common-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"sssd-ldap-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"sssd-libwbclient-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"sssd-libwbclient-devel-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"sssd-proxy-1.13.0-40.6.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"sssd-tools-1.13.0-40.6.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libipa_hbac / libipa_hbac-devel / libsss_idmap / libsss_idmap-devel / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2015-7B47DF69D3.NASL description Security fix for CVE-2015-5292 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89296 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89296 title Fedora 22 : sssd-1.13.1-2.fc22 (2015-7b47df69d3) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-7b47df69d3. # include("compat.inc"); if (description) { script_id(89296); script_version("2.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-5292"); script_xref(name:"FEDORA", value:"2015-7b47df69d3"); script_name(english:"Fedora 22 : sssd-1.13.1-2.fc22 (2015-7b47df69d3)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2015-5292 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1267580" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9cbb275d" ); script_set_attribute(attribute:"solution", value:"Update the affected sssd package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:sssd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22"); script_set_attribute(attribute:"patch_publication_date", value:"2015/10/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC22", reference:"sssd-1.13.1-2.fc22")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sssd"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-2355.NASL description From Red Hat Security Advisory 2015:2355 : Updated sssd packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It was found that SSSD last seen 2020-06-01 modified 2020-06-02 plugin id 87095 published 2015-11-30 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87095 title Oracle Linux 7 : sssd (ELSA-2015-2355) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:2355 and # Oracle Linux Security Advisory ELSA-2015-2355 respectively. # include("compat.inc"); if (description) { script_id(87095); script_version("2.8"); script_cvs_date("Date: 2019/09/27 13:00:36"); script_cve_id("CVE-2015-5292"); script_xref(name:"RHSA", value:"2015:2355"); script_name(english:"Oracle Linux 7 : sssd (ELSA-2015-2355)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2015:2355 : Updated sssd packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. (CVE-2015-5292) The sssd packages have been upgraded to upstream version 1.13.0, which provides a number of bug fixes and enhancements over the previous version. (BZ#1205554) Several enhancements are described in the Red Hat Enterprise Linux 7.2 Release Notes, linked to in the References section : * SSSD smart card support (BZ#854396) * Cache authentication in SSSD (BZ#910187) * SSSD supports overriding automatically discovered AD site (BZ#1163806) * SSSD can now deny SSH access to locked accounts (BZ#1175760) * SSSD enables UID and GID mapping on individual clients (BZ#1183747) * Background refresh of cached entries (BZ#1199533) * Multi-step prompting for one-time and long-term passwords (BZ#1200873) * Caching for initgroups operations (BZ#1206575) Bugs fixed : * When the SELinux user content on an IdM server was set to an empty string, the SSSD SELinux evaluation utility returned an error. (BZ#1192314) * If the ldap_child process failed to initialize credentials and exited with an error multiple times, operations that create files in some cases started failing due to an insufficient amount of i-nodes. (BZ#1198477) * The SRV queries used a hard-coded TTL timeout, and environments that wanted the SRV queries to be valid for a certain time only were blocked. Now, SSSD parses the TTL value out of the DNS packet. (BZ#1199541) * Previously, initgroups operation took an excessive amount of time. Now, logins and ID processing are faster for setups with AD back end and disabled ID mapping. (BZ#1201840) * When an IdM client with Red Hat Enterprise Linux 7.1 or later was connecting to a server with Red Hat Enterprise Linux 7.0 or earlier, authentication with an AD trusted domain caused the sssd_be process to terminate unexpectedly. (BZ#1202170) * If replication conflict entries appeared during HBAC processing, the user was denied access. Now, the replication conflict entries are skipped and users are permitted access. (BZ#1202245) * The array of SIDs no longer contains an uninitialized value and SSSD no longer crashes. (BZ#1204203) * SSSD supports GPOs from different domain controllers and no longer crashes when processing GPOs from different domain controllers. (BZ#1205852) * SSSD could not refresh sudo rules that contained groups with special characters, such as parentheses, in their name. (BZ#1208507) * The IPA names are not qualified on the client side if the server already qualified them, and IdM group members resolve even if default_domain_suffix is used on the server side. (BZ#1211830) * The internal cache cleanup task has been disabled by default to improve performance of the sssd_be process. (BZ#1212489) * Now, default_domain_suffix is not considered anymore for autofs maps. (BZ#1216285) * The user can set subdomain_inherit=ignore_group-members to disable fetching group members for trusted domains. (BZ#1217350) * The group resolution failed with an error message: 'Error: 14 (Bad address)'. The binary GUID handling has been fixed. (BZ#1226119) Enhancements added : * The description of default_domain_suffix has been improved in the manual pages. (BZ#1185536) * With the new '%0' template option, users on SSSD IdM clients can now use home directories set on AD. (BZ#1187103) All sssd users are advised to upgrade to these updated packages, which correct these issues and add these enhancements." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2015-November/005579.html" ); script_set_attribute(attribute:"solution", value:"Update the affected sssd packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libipa_hbac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libipa_hbac-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsss_idmap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsss_nss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsss_nss_idmap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsss_simpleifp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsss_simpleifp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-libipa_hbac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-libsss_nss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-sss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-sss-murmur"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-sssdconfig"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-ad"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-common-pac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-dbus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-ipa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-krb5-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-proxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:sssd-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/29"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libipa_hbac-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libipa_hbac-devel-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libsss_idmap-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libsss_idmap-devel-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libsss_nss_idmap-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libsss_nss_idmap-devel-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libsss_simpleifp-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libsss_simpleifp-devel-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-libipa_hbac-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-libsss_nss_idmap-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-sss-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-sss-murmur-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-sssdconfig-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"sssd-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"sssd-ad-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"sssd-client-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"sssd-common-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"sssd-common-pac-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"sssd-dbus-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"sssd-ipa-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"sssd-krb5-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"sssd-krb5-common-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"sssd-ldap-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"sssd-libwbclient-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"sssd-libwbclient-devel-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"sssd-proxy-1.13.0-40.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"sssd-tools-1.13.0-40.el7")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libipa_hbac / libipa_hbac-devel / libsss_idmap / libsss_idmap-devel / etc"); }
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-2355.NASL description Updated sssd packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It was found that SSSD last seen 2020-06-01 modified 2020-06-02 plugin id 87151 published 2015-12-02 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87151 title CentOS 7 : sssd (CESA-2015:2355) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:2355 and # CentOS Errata and Security Advisory 2015:2355 respectively. # include("compat.inc"); if (description) { script_id(87151); script_version("2.8"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2015-5292"); script_xref(name:"RHSA", value:"2015:2355"); script_name(english:"CentOS 7 : sssd (CESA-2015:2355)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated sssd packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. (CVE-2015-5292) The sssd packages have been upgraded to upstream version 1.13.0, which provides a number of bug fixes and enhancements over the previous version. (BZ#1205554) Several enhancements are described in the Red Hat Enterprise Linux 7.2 Release Notes, linked to in the References section : * SSSD smart card support (BZ#854396) * Cache authentication in SSSD (BZ#910187) * SSSD supports overriding automatically discovered AD site (BZ#1163806) * SSSD can now deny SSH access to locked accounts (BZ#1175760) * SSSD enables UID and GID mapping on individual clients (BZ#1183747) * Background refresh of cached entries (BZ#1199533) * Multi-step prompting for one-time and long-term passwords (BZ#1200873) * Caching for initgroups operations (BZ#1206575) Bugs fixed : * When the SELinux user content on an IdM server was set to an empty string, the SSSD SELinux evaluation utility returned an error. (BZ#1192314) * If the ldap_child process failed to initialize credentials and exited with an error multiple times, operations that create files in some cases started failing due to an insufficient amount of i-nodes. (BZ#1198477) * The SRV queries used a hard-coded TTL timeout, and environments that wanted the SRV queries to be valid for a certain time only were blocked. Now, SSSD parses the TTL value out of the DNS packet. (BZ#1199541) * Previously, initgroups operation took an excessive amount of time. Now, logins and ID processing are faster for setups with AD back end and disabled ID mapping. (BZ#1201840) * When an IdM client with Red Hat Enterprise Linux 7.1 or later was connecting to a server with Red Hat Enterprise Linux 7.0 or earlier, authentication with an AD trusted domain caused the sssd_be process to terminate unexpectedly. (BZ#1202170) * If replication conflict entries appeared during HBAC processing, the user was denied access. Now, the replication conflict entries are skipped and users are permitted access. (BZ#1202245) * The array of SIDs no longer contains an uninitialized value and SSSD no longer crashes. (BZ#1204203) * SSSD supports GPOs from different domain controllers and no longer crashes when processing GPOs from different domain controllers. (BZ#1205852) * SSSD could not refresh sudo rules that contained groups with special characters, such as parentheses, in their name. (BZ#1208507) * The IPA names are not qualified on the client side if the server already qualified them, and IdM group members resolve even if default_domain_suffix is used on the server side. (BZ#1211830) * The internal cache cleanup task has been disabled by default to improve performance of the sssd_be process. (BZ#1212489) * Now, default_domain_suffix is not considered anymore for autofs maps. (BZ#1216285) * The user can set subdomain_inherit=ignore_group-members to disable fetching group members for trusted domains. (BZ#1217350) * The group resolution failed with an error message: 'Error: 14 (Bad address)'. The binary GUID handling has been fixed. (BZ#1226119) Enhancements added : * The description of default_domain_suffix has been improved in the manual pages. (BZ#1185536) * With the new '%0' template option, users on SSSD IdM clients can now use home directories set on AD. (BZ#1187103) All sssd users are advised to upgrade to these updated packages, which correct these issues and add these enhancements." ); # https://lists.centos.org/pipermail/centos-cr-announce/2015-November/002626.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?68582f38" ); script_set_attribute(attribute:"solution", value:"Update the affected sssd packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5292"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libipa_hbac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libipa_hbac-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsss_idmap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsss_nss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsss_nss_idmap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsss_simpleifp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsss_simpleifp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-libipa_hbac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-libsss_nss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-sss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-sss-murmur"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-sssdconfig"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-ad"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-common-pac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-dbus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-ipa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-krb5-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-proxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/29"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libipa_hbac-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libipa_hbac-devel-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsss_idmap-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsss_idmap-devel-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsss_nss_idmap-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsss_nss_idmap-devel-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsss_simpleifp-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsss_simpleifp-devel-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-libipa_hbac-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-libsss_nss_idmap-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-sss-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-sss-murmur-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-sssdconfig-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-ad-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-client-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-common-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-common-pac-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-dbus-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-ipa-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-krb5-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-krb5-common-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-ldap-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-libwbclient-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-libwbclient-devel-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-proxy-1.13.0-40.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-tools-1.13.0-40.el7")) flag++; if (flag) { cr_plugin_caveat = '\n' + 'NOTE: The security advisory associated with this vulnerability has a\n' + 'fixed package version that may only be available in the continuous\n' + 'release (CR) repository for CentOS, until it is present in the next\n' + 'point release of CentOS.\n\n' + 'If an equal or higher package level does not exist in the baseline\n' + 'repository for your major version of CentOS, then updates from the CR\n' + 'repository will need to be applied in order to address the\n' + 'vulnerability.\n'; security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + cr_plugin_caveat ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libipa_hbac / libipa_hbac-devel / libsss_idmap / libsss_idmap-devel / etc"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-2019.NASL description Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. It was found that SSSD last seen 2020-06-01 modified 2020-06-02 plugin id 86845 published 2015-11-11 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86845 title RHEL 6 : sssd (RHSA-2015:2019) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:2019. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(86845); script_version("2.9"); script_cvs_date("Date: 2019/10/24 15:35:40"); script_cve_id("CVE-2015-5292"); script_xref(name:"RHSA", value:"2015:2019"); script_name(english:"RHEL 6 : sssd (RHSA-2015:2019)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. (CVE-2015-5292) This update also fixes the following bugs : * Previously, SSSD did not correctly handle sudo rules that applied to groups with names containing special characters, such as the '(' opening parenthesis sign. Consequently, SSSD skipped such sudo rules. The internal sysdb search has been modified to escape special characters when searching for objects to which sudo rules apply. As a result, SSSD applies the described sudo rules as expected. (BZ#1258398) * Prior to this update, SSSD did not correctly handle group names containing special Lightweight Directory Access Protocol (LDAP) characters, such as the '(' or ')' parenthesis signs. When a group name contained one or more such characters, the internal cache cleanup operation failed with an I/O error. With this update, LDAP special characters in the Distinguished Name (DN) of a cache entry are escaped before the cleanup operation starts. As a result, the cleanup operation completes successfully in the described situation. (BZ#1264098) * Applications performing Kerberos authentication previously increased the memory footprint of the Kerberos plug-in that parses the Privilege Attribute Certificate (PAC) information. The plug-in has been updated to free the memory it allocates, thus fixing this bug. (BZ#1268783) * Previously, when malformed POSIX attributes were defined in an Active Directory (AD) LDAP server, SSSD unexpectedly switched to offline mode. This update relaxes certain checks for AD POSIX attribute validity. As a result, SSSD now works as expected even when malformed POSIX attributes are present in AD and no longer enters offline mode in the described situation. (BZ#1268784) All sssd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the sssd service will be restarted automatically. Additionally, all running applications using the PAC responder plug-in must be restarted for the changes to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2015:2019" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-5292" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libipa_hbac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libipa_hbac-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libipa_hbac-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_idmap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_nss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_nss_idmap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_nss_idmap-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_simpleifp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_simpleifp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-sssdconfig"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-ad"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-common-pac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-dbus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-ipa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-krb5-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-proxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.7"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/29"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2015:2019"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", reference:"libipa_hbac-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", reference:"libipa_hbac-devel-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libipa_hbac-python-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libipa_hbac-python-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libipa_hbac-python-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", reference:"libsss_idmap-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", reference:"libsss_idmap-devel-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", reference:"libsss_nss_idmap-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", reference:"libsss_nss_idmap-devel-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libsss_nss_idmap-python-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libsss_nss_idmap-python-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libsss_nss_idmap-python-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", reference:"libsss_simpleifp-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", reference:"libsss_simpleifp-devel-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", reference:"python-sssdconfig-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"sssd-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"sssd-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"sssd-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"sssd-ad-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"sssd-ad-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"sssd-ad-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", reference:"sssd-client-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"sssd-common-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"sssd-common-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"sssd-common-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"sssd-common-pac-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"sssd-common-pac-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"sssd-common-pac-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"sssd-dbus-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"sssd-dbus-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"sssd-dbus-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", reference:"sssd-debuginfo-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"sssd-ipa-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"sssd-ipa-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"sssd-ipa-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"sssd-krb5-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"sssd-krb5-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"sssd-krb5-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"sssd-krb5-common-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"sssd-krb5-common-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"sssd-krb5-common-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"sssd-ldap-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"sssd-ldap-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"sssd-ldap-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"sssd-proxy-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"sssd-proxy-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"sssd-proxy-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"sssd-tools-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"sssd-tools-1.12.4-47.el6_7.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"sssd-tools-1.12.4-47.el6_7.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libipa_hbac / libipa_hbac-devel / libipa_hbac-python / libsss_idmap / etc"); } }
NASL family Scientific Linux Local Security Checks NASL id SL_20151119_SSSD_ON_SL7_X.NASL description It was found that SSSD last seen 2020-03-18 modified 2015-12-22 plugin id 87575 published 2015-12-22 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87575 title Scientific Linux Security Update : sssd on SL7.x x86_64 (20151119) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(87575); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25"); script_cve_id("CVE-2015-5292"); script_name(english:"Scientific Linux Security Update : sssd on SL7.x x86_64 (20151119)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. (CVE-2015-5292) The sssd packages have been upgraded to upstream version 1.13.0, which provides a number of bug fixes and enhancements over the previous version. - SSSD smart card support * Cache authentication in SSSD * SSSD supports overriding automatically discovered AD site * SSSD can now deny SSH access to locked accounts * SSSD enables UID and GID mapping on individual clients * Background refresh of cached entries * Multi-step prompting for one-time and long-term passwords * Caching for initgroups operations Bugs fixed : - When the SELinux user content on an IdM server was set to an empty string, the SSSD SELinux evaluation utility returned an error. - If the ldap_child process failed to initialize credentials and exited with an error multiple times, operations that create files in some cases started failing due to an insufficient amount of i-nodes. - The SRV queries used a hard-coded TTL timeout, and environments that wanted the SRV queries to be valid for a certain time only were blocked. Now, SSSD parses the TTL value out of the DNS packet. - Previously, initgroups operation took an excessive amount of time. Now, logins and ID processing are faster for setups with AD back end and disabled ID mapping. - When an IdM client with Scientific Linux 7.1 or later was connecting to a server with Scientific Linux 7.0 or earlier, authentication with an AD trusted domain caused the sssd_be process to terminate unexpectedly. - If replication conflict entries appeared during HBAC processing, the user was denied access. Now, the replication conflict entries are skipped and users are permitted access. - The array of SIDs no longer contains an uninitialized value and SSSD no longer crashes. - SSSD supports GPOs from different domain controllers and no longer crashes when processing GPOs from different domain controllers. - SSSD could not refresh sudo rules that contained groups with special characters, such as parentheses, in their name. - The IPA names are not qualified on the client side if the server already qualified them, and IdM group members resolve even if default_domain_suffix is used on the server side. - The internal cache cleanup task has been disabled by default to improve performance of the sssd_be process. - Now, default_domain_suffix is not considered anymore for autofs maps. - The user can set subdomain_inherit=ignore_group-members to disable fetching group members for trusted domains. - The group resolution failed with an error message: 'Error: 14 (Bad address)'. The binary GUID handling has been fixed. Enhancements added : - The description of default_domain_suffix has been improved in the manual pages. - With the new '%0' template option, users on SSSD IdM clients can now use home directories set on AD." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=8032 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b620618f" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libipa_hbac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libipa_hbac-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsss_idmap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsss_nss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsss_nss_idmap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsss_simpleifp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsss_simpleifp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-libipa_hbac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-libsss_nss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-sss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-sss-murmur"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-sssdconfig"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-ad"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-common-pac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-dbus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-ipa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-krb5-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-proxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-tools"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/29"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libipa_hbac-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libipa_hbac-devel-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libsss_idmap-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libsss_idmap-devel-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libsss_nss_idmap-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libsss_nss_idmap-devel-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libsss_simpleifp-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libsss_simpleifp-devel-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-libipa_hbac-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-libsss_nss_idmap-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-sss-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-sss-murmur-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", reference:"python-sssdconfig-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"sssd-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"sssd-ad-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"sssd-client-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"sssd-common-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"sssd-common-pac-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"sssd-dbus-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"sssd-debuginfo-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"sssd-ipa-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"sssd-krb5-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"sssd-krb5-common-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"sssd-ldap-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"sssd-libwbclient-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"sssd-libwbclient-devel-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"sssd-proxy-1.13.0-40.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"sssd-tools-1.13.0-40.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libipa_hbac / libipa_hbac-devel / libsss_idmap / libsss_idmap-devel / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2015-CDEA5324A8.NASL description Security fix for CVE-2015-5292 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89413 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89413 title Fedora 21 : sssd-1.12.5-4.fc21 (2015-cdea5324a8) NASL family Scientific Linux Local Security Checks NASL id SL_20151110_SSSD_ON_SL6_X.NASL description It was found that SSSD last seen 2020-03-18 modified 2015-11-11 plugin id 86846 published 2015-11-11 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86846 title Scientific Linux Security Update : sssd on SL6.x i386/x86_64 (20151110) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-2355.NASL description Updated sssd packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It was found that SSSD last seen 2020-06-01 modified 2020-06-02 plugin id 86983 published 2015-11-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86983 title RHEL 7 : sssd (RHSA-2015:2355) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-2019.NASL description Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. It was found that SSSD last seen 2020-06-01 modified 2020-06-02 plugin id 86831 published 2015-11-11 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86831 title CentOS 6 : sssd (CESA-2015:2019) NASL family Fedora Local Security Checks NASL id FEDORA_2015-202C127199.NASL description Security fix for CVE-2015-5292 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89171 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89171 title Fedora 23 : sssd-1.13.1-2.fc23 (2015-202c127199)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
- https://fedorahosted.org/sssd/ticket/2803
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1267580
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/77529
- https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html
- http://rhn.redhat.com/errata/RHSA-2015-2019.html
- http://rhn.redhat.com/errata/RHSA-2015-2355.html
- http://www.securitytracker.com/id/1034038
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.html