Vulnerabilities > CVE-2018-16838 - Improper Privilege Management vulnerability in multiple products

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

fedoraproject

redhat

CWE-269

nessus

NVD

Published: 2019-03-25

Updated: 2023-05-29

Summary

A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.

Vulnerable Configurations

Part	Description	Count
Application	Fedoraproject Fedoraproject Sssd -	1
OS	Redhat Redhat Enterprise Linux 7.0	1

Common Weakness Enumeration (CWE)

CWE-269 - Improper Privilege Management

Common Attack Pattern Enumeration and Classification (CAPEC)

Restful Privilege Elevation
Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1576.NASL
description	This update for sssd fixes the following issues : Security issue fixed : - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194). Non-security issue fixed : - Create directory to download and cache GPOs (bsc#1132879) This update was imported from the SUSE:SLE-12-SP2:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	126037
published	2019-06-19
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/126037
title	openSUSE Security Update : sssd (openSUSE-2019-1576)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1576. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(126037); script_version("1.2"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2018-16838"); script_name(english:"openSUSE Security Update : sssd (openSUSE-2019-1576)"); script_summary(english:"Check for the openSUSE-2019-1576 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for sssd fixes the following issues : Security issue fixed : - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194). Non-security issue fixed : - Create directory to download and cache GPOs (bsc#1132879) This update was imported from the SUSE:SLE-12-SP2:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124194" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132879" ); script_set_attribute(attribute:"solution", value:"Update the affected sssd packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libipa_hbac-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libipa_hbac0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libipa_hbac0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsss_idmap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsss_idmap0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsss_idmap0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsss_nss_idmap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsss_nss_idmap0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsss_nss_idmap0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsss_sudo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsss_sudo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-ipa_hbac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-ipa_hbac-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-sss_nss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-sss_nss_idmap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-sssd-config"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-sssd-config-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-ad"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-ad-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-ipa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-ipa-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-krb5-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-krb5-common-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-krb5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-proxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-proxy-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sssd-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/25"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"libipa_hbac-devel-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libipa_hbac0-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libipa_hbac0-debuginfo-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsss_idmap-devel-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsss_idmap0-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsss_idmap0-debuginfo-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsss_nss_idmap-devel-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsss_nss_idmap0-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsss_nss_idmap0-debuginfo-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsss_sudo-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsss_sudo-debuginfo-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"python-ipa_hbac-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"python-ipa_hbac-debuginfo-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"python-sss_nss_idmap-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"python-sss_nss_idmap-debuginfo-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"python-sssd-config-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"python-sssd-config-debuginfo-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-ad-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-ad-debuginfo-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-debuginfo-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-debugsource-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-ipa-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-ipa-debuginfo-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-krb5-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-krb5-common-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-krb5-common-debuginfo-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-krb5-debuginfo-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-ldap-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-ldap-debuginfo-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-proxy-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-proxy-debuginfo-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-tools-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sssd-tools-debuginfo-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"sssd-32bit-1.13.4-21.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"sssd-debuginfo-32bit-1.13.4-21.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libipa_hbac-devel / libipa_hbac0 / libipa_hbac0-debuginfo / etc"); }

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2667.NASL
description	According to the version of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.(CVE-2018-16838) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-08
modified	2019-12-18
plugin id	132202
published	2019-12-18
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132202
title	EulerOS 2.0 SP3 : sssd (EulerOS-SA-2019-2667)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(132202); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2018-16838" ); script_name(english:"EulerOS 2.0 SP3 : sssd (EulerOS-SA-2019-2667)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.(CVE-2018-16838) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2667 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fc66e02f"); script_set_attribute(attribute:"solution", value: "Update the affected sssd package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libipa_hbac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsss_autofs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsss_certmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsss_nss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsss_simpleifp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsss_sudo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-libipa_hbac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-libsss_nss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-sss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-sss-murmur"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-sssdconfig"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-ad"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-common-pac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-dbus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-ipa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-krb5-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-proxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) \|\| sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["libipa_hbac-1.15.2-50.8.h4", "libsss_autofs-1.15.2-50.8.h4", "libsss_certmap-1.15.2-50.8.h4", "libsss_idmap-1.15.2-50.8.h4", "libsss_nss_idmap-1.15.2-50.8.h4", "libsss_simpleifp-1.15.2-50.8.h4", "libsss_sudo-1.15.2-50.8.h4", "python-libipa_hbac-1.15.2-50.8.h4", "python-libsss_nss_idmap-1.15.2-50.8.h4", "python-sss-1.15.2-50.8.h4", "python-sss-murmur-1.15.2-50.8.h4", "python-sssdconfig-1.15.2-50.8.h4", "sssd-1.15.2-50.8.h4", "sssd-ad-1.15.2-50.8.h4", "sssd-client-1.15.2-50.8.h4", "sssd-common-1.15.2-50.8.h4", "sssd-common-pac-1.15.2-50.8.h4", "sssd-dbus-1.15.2-50.8.h4", "sssd-ipa-1.15.2-50.8.h4", "sssd-krb5-1.15.2-50.8.h4", "sssd-krb5-common-1.15.2-50.8.h4", "sssd-ldap-1.15.2-50.8.h4", "sssd-libwbclient-1.15.2-50.8.h4", "sssd-proxy-1.15.2-50.8.h4", "sssd-tools-1.15.2-50.8.h4"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sssd"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-3651.NASL
description	An update for sssd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. The following packages have been upgraded to a later upstream version: sssd (2.2.0). (BZ#1687281) Security Fix(es) : * sssd: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	130562
published	2019-11-06
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130562
title	RHEL 8 : sssd (RHSA-2019:3651)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2019-2177.NASL
description	An update for sssd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. The following packages have been upgraded to a later upstream version: sssd (1.16.4). (BZ#1658994) Security Fix(es) : * sssd: fallback_homedir returns
last seen	2020-06-01
modified	2020-06-02
plugin id	128370
published	2019-08-30
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128370
title	CentOS 7 : sssd (CESA-2019:2177)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1453.NASL
description	According to the version of the sssd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.(CVE-2018-16838) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-04-30
modified	2020-04-16
plugin id	135615
published	2020-04-16
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135615
title	EulerOS Virtualization 3.0.2.2 : sssd (EulerOS-SA-2020-1453)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20190806_SSSD_ON_SL7_X.NASL
description	The following packages have been upgraded to a later upstream version: sssd (1.16.4). Security Fix(es) : - sssd: fallback_homedir returns
last seen	2020-03-18
modified	2019-08-27
plugin id	128264
published	2019-08-27
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128264
title	Scientific Linux Security Update : sssd on SL7.x x86_64 (20190806)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2190.NASL
description	According to the version of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.(CVE-2018-16838) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-08
modified	2019-11-08
plugin id	130652
published	2019-11-08
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130652
title	EulerOS 2.0 SP5 : sssd (EulerOS-SA-2019-2190)

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2019-0195_SSSD.NASL
description	The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sssd packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return
last seen	2020-06-01
modified	2020-06-02
plugin id	129890
published	2019-10-15
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129890
title	NewStart CGSL CORE 5.04 / MAIN 5.04 : sssd Multiple Vulnerabilities (NS-SA-2019-0195)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-2177.NASL
description	An update for sssd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. The following packages have been upgraded to a later upstream version: sssd (1.16.4). (BZ#1658994) Security Fix(es) : * sssd: fallback_homedir returns
last seen	2020-06-01
modified	2020-06-02
plugin id	127691
published	2019-08-12
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127691
title	RHEL 7 : sssd (RHSA-2019:2177)

NASL family	Amazon Linux Local Security Checks
NASL id	AL2_ALAS-2019-1343.NASL
description	A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.(CVE-2018-16838) A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return
last seen	2020-06-01
modified	2020-06-02
plugin id	130402
published	2019-10-31
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130402
title	Amazon Linux 2 : sssd (ALAS-2019-1343)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-1476-1.NASL
description	This update for sssd fixes the following issues : Security issue fixed : CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194). Non-security issues fixed: Allow defaults sudoRole without sudoUser attribute (bsc#1135247) Missing GPOs directory could have led to login problems (bsc#1132879) Fix a crash by adding a netgroup counter to struct nss_enum_index (bsc#1132657) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	125874
published	2019-06-13
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125874
title	SUSE SLED15 / SLES15 Security Update : sssd (SUSE-SU-2019:1476-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-2437.NASL
description	An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host
last seen	2020-06-01
modified	2020-06-02
plugin id	127986
published	2019-08-20
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127986
title	RHEL 7 : Virtualization Manager (RHSA-2019:2437)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1209.NASL
description	According to the version of the sssd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.(CVE-2018-16838) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-19
modified	2020-03-13
plugin id	134498
published	2020-03-13
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134498
title	EulerOS Virtualization for ARM 64 3.0.2.0 : sssd (EulerOS-SA-2020-1209)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-1477-1.NASL
description	This update for sssd fixes the following issues : Security issue fixed : CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194). Non-security issue fixed: Create directory to download and cache GPOs (bsc#1132879) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	125875
published	2019-06-13
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125875
title	SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2019:1477-1)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2019-1307.NASL
description	A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.(CVE-2018-16838) A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return
last seen	2020-06-01
modified	2020-06-02
plugin id	129797
published	2019-10-11
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129797
title	Amazon Linux AMI : sssd (ALAS-2019-1307)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-1480-1.NASL
description	This update for sssd fixes the following issues : Security issue fixed : CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194) Non-security issues fixed: Missing GPOs directory could have led to login problems (bsc#1132879) Fix a crash by adding a netgroup counter to struct nss_enum_index (bsc#1132657) Allow defaults sudoRole without sudoUser attribute (bsc#1135247) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	125876
published	2019-06-13
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125876
title	SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2019:1480-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1589.NASL
description	This update for sssd fixes the following issues : Security issue fixed : - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194). Non-security issues fixed : - Allow defaults sudoRole without sudoUser attribute (bsc#1135247) - Missing GPOs directory could have led to login problems (bsc#1132879) - Fix a crash by adding a netgroup counter to struct nss_enum_index (bsc#1132657) This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	126060
published	2019-06-20
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/126060
title	openSUSE Security Update : sssd (openSUSE-2019-1589)

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2019-0241_SSSD.NASL
description	The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has sssd packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return
last seen	2020-06-01
modified	2020-06-02
plugin id	132447
published	2019-12-31
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132447
title	NewStart CGSL CORE 5.05 / MAIN 5.05 : sssd Multiple Vulnerabilities (NS-SA-2019-0241)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2517.NASL
description	According to the version of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.(CVE-2018-16838) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-08
modified	2019-12-04
plugin id	131670
published	2019-12-04
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131670
title	EulerOS 2.0 SP2 : sssd (EulerOS-SA-2019-2517)

Redhat

advisories

bugzilla

id	1736861
title	dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 8 is installed
oval oval:com.redhat.rhba:tst:20193384074

AND

comment python3-sssdconfig is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651001
comment python3-sssdconfig is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193651002

AND

comment sssd-debugsource is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651003
comment sssd-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193651004

AND

comment sssd-winbind-idmap is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651005
comment sssd-winbind-idmap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20173379010

AND
comment sssd-tools is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651007
comment sssd-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375032
AND
comment sssd-proxy is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651009
comment sssd-proxy is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375020

AND

comment sssd-polkit-rules is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651011
comment sssd-polkit-rules is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20173379044

AND
comment sssd-nfs-idmap is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651013
comment sssd-nfs-idmap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193651014

AND

comment sssd-libwbclient is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651015
comment sssd-libwbclient is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150441042

AND
comment sssd-ldap is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651017
comment sssd-ldap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375016

AND

comment sssd-krb5-common is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651019
comment sssd-krb5-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375028

AND
comment sssd-krb5 is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651021
comment sssd-krb5 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375018
AND
comment sssd-kcm is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651023
comment sssd-kcm is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20173379046
AND
comment sssd-ipa is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651025
comment sssd-ipa is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375004
AND
comment sssd-dbus is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651027
comment sssd-dbus is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375012
AND
comment sssd-common-pac is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651029
comment sssd-common-pac is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375030
AND
comment sssd-common is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651031
comment sssd-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375014
AND
comment sssd-client is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651033
comment sssd-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375024
AND
comment sssd-ad is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651035
comment sssd-ad is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375022
AND
comment sssd is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651037
comment sssd is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375008

AND

comment python3-sss-murmur is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651039
comment python3-sss-murmur is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193651040

AND
comment python3-sss is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651041
comment python3-sss is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193651042

AND

comment python3-libsss_nss_idmap is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651043
comment python3-libsss_nss_idmap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193651044

AND

comment python3-libipa_hbac is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651045
comment python3-libipa_hbac is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193651046

AND
comment libsss_sudo is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651047
comment libsss_sudo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130508002

AND

comment libsss_simpleifp is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651049
comment libsss_simpleifp is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150441010

AND

comment libsss_nss_idmap is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651051
comment libsss_nss_idmap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375042

AND
comment libsss_idmap is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651053
comment libsss_idmap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375006
AND
comment libsss_certmap is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651055
comment libsss_certmap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20173379014
AND
comment libsss_autofs is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651057
comment libsss_autofs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130508012
AND
comment libipa_hbac is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651059
comment libipa_hbac is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375010

AND

comment libsss_nss_idmap-devel is earlier than 0:2.2.0-19.el8
oval oval:com.redhat.rhsa:tst:20193651061
comment libsss_nss_idmap-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375038

rhsa

id	RHSA-2019:3651
released	2019-11-05
severity	Low
title	RHSA-2019:3651: sssd security, bug fix, and enhancement update (Low)

rhsa
id RHSA-2019:2177
rhsa
id RHSA-2019:2437

rpms

libipa_hbac-0:1.16.4-21.el7
libipa_hbac-devel-0:1.16.4-21.el7
libsss_autofs-0:1.16.4-21.el7
libsss_certmap-0:1.16.4-21.el7
libsss_certmap-devel-0:1.16.4-21.el7
libsss_idmap-0:1.16.4-21.el7
libsss_idmap-devel-0:1.16.4-21.el7
libsss_nss_idmap-0:1.16.4-21.el7
libsss_nss_idmap-devel-0:1.16.4-21.el7
libsss_simpleifp-0:1.16.4-21.el7
libsss_simpleifp-devel-0:1.16.4-21.el7
libsss_sudo-0:1.16.4-21.el7
python-libipa_hbac-0:1.16.4-21.el7
python-libsss_nss_idmap-0:1.16.4-21.el7
python-sss-0:1.16.4-21.el7
python-sss-murmur-0:1.16.4-21.el7
python-sssdconfig-0:1.16.4-21.el7
sssd-0:1.16.4-21.el7
sssd-ad-0:1.16.4-21.el7
sssd-client-0:1.16.4-21.el7
sssd-common-0:1.16.4-21.el7
sssd-common-pac-0:1.16.4-21.el7
sssd-dbus-0:1.16.4-21.el7
sssd-debuginfo-0:1.16.4-21.el7
sssd-ipa-0:1.16.4-21.el7
sssd-kcm-0:1.16.4-21.el7
sssd-krb5-0:1.16.4-21.el7
sssd-krb5-common-0:1.16.4-21.el7
sssd-ldap-0:1.16.4-21.el7
sssd-libwbclient-0:1.16.4-21.el7
sssd-libwbclient-devel-0:1.16.4-21.el7
sssd-polkit-rules-0:1.16.4-21.el7
sssd-proxy-0:1.16.4-21.el7
sssd-tools-0:1.16.4-21.el7
sssd-winbind-idmap-0:1.16.4-21.el7
imgbased-0:1.1.9-0.1.el7ev
ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev
python-imgbased-0:1.1.9-0.1.el7ev
python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev
redhat-release-virtualization-host-0:4.3.5-2.el7ev
redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7
redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev
libipa_hbac-0:2.2.0-19.el8
libipa_hbac-debuginfo-0:2.2.0-19.el8
libsss_autofs-0:2.2.0-19.el8
libsss_autofs-debuginfo-0:2.2.0-19.el8
libsss_certmap-0:2.2.0-19.el8
libsss_certmap-debuginfo-0:2.2.0-19.el8
libsss_idmap-0:2.2.0-19.el8
libsss_idmap-debuginfo-0:2.2.0-19.el8
libsss_nss_idmap-0:2.2.0-19.el8
libsss_nss_idmap-debuginfo-0:2.2.0-19.el8
libsss_nss_idmap-devel-0:2.2.0-19.el8
libsss_simpleifp-0:2.2.0-19.el8
libsss_simpleifp-debuginfo-0:2.2.0-19.el8
libsss_sudo-0:2.2.0-19.el8
libsss_sudo-debuginfo-0:2.2.0-19.el8
python3-libipa_hbac-0:2.2.0-19.el8
python3-libipa_hbac-debuginfo-0:2.2.0-19.el8
python3-libsss_nss_idmap-0:2.2.0-19.el8
python3-libsss_nss_idmap-debuginfo-0:2.2.0-19.el8
python3-sss-0:2.2.0-19.el8
python3-sss-debuginfo-0:2.2.0-19.el8
python3-sss-murmur-0:2.2.0-19.el8
python3-sss-murmur-debuginfo-0:2.2.0-19.el8
python3-sssdconfig-0:2.2.0-19.el8
sssd-0:2.2.0-19.el8
sssd-ad-0:2.2.0-19.el8
sssd-ad-debuginfo-0:2.2.0-19.el8
sssd-client-0:2.2.0-19.el8
sssd-client-debuginfo-0:2.2.0-19.el8
sssd-common-0:2.2.0-19.el8
sssd-common-debuginfo-0:2.2.0-19.el8
sssd-common-pac-0:2.2.0-19.el8
sssd-common-pac-debuginfo-0:2.2.0-19.el8
sssd-dbus-0:2.2.0-19.el8
sssd-dbus-debuginfo-0:2.2.0-19.el8
sssd-debuginfo-0:2.2.0-19.el8
sssd-debugsource-0:2.2.0-19.el8
sssd-ipa-0:2.2.0-19.el8
sssd-ipa-debuginfo-0:2.2.0-19.el8
sssd-kcm-0:2.2.0-19.el8
sssd-kcm-debuginfo-0:2.2.0-19.el8
sssd-krb5-0:2.2.0-19.el8
sssd-krb5-common-0:2.2.0-19.el8
sssd-krb5-common-debuginfo-0:2.2.0-19.el8
sssd-krb5-debuginfo-0:2.2.0-19.el8
sssd-ldap-0:2.2.0-19.el8
sssd-ldap-debuginfo-0:2.2.0-19.el8
sssd-libwbclient-0:2.2.0-19.el8
sssd-libwbclient-debuginfo-0:2.2.0-19.el8
sssd-nfs-idmap-0:2.2.0-19.el8
sssd-nfs-idmap-debuginfo-0:2.2.0-19.el8
sssd-polkit-rules-0:2.2.0-19.el8
sssd-proxy-0:2.2.0-19.el8
sssd-proxy-debuginfo-0:2.2.0-19.el8
sssd-tools-0:2.2.0-19.el8
sssd-tools-debuginfo-0:2.2.0-19.el8
sssd-winbind-idmap-0:2.2.0-19.el8
sssd-winbind-idmap-debuginfo-0:2.2.0-19.el8

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References