sssd-1.9.2-82.4.AXS4

エラータID: AXSA:2013-386:01

Release date: 
Friday, April 12, 2013 - 13:35
Subject: 
sssd-1.9.2-82.4.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA.

Security issues fixed with this release:

• CVE-2013-0219
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.

• CVE-2013-0220
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.

• CVE-2013-0287
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.

Fixed bugs:

• Fixed search delay when a member whose Distinguished Name (DN) pointed out of any of the configured search bases.

• Fixed the pwd_expiration_warning for Kerberos which was incorrectly set to 0.

Solution: 

Update packages.

CVEs: 
CVE-2013-0219
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.
CVE-2013-0220
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.
CVE-2013-0287
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.




Additional Info: 

N/A

Download: 

SRPMS
  1. sssd-1.9.2-82.4.AXS4.src.rpm
    MD5: f04c70e6a292ecd3eaf8d5b8f359ff3a
    SHA-256: 6e548caed94adea44f53329467371474bb2873a1934d892b38e2a133b4f487a3
    Size: 3.00 MB

Asianux Server 4 for x86
  1. libipa_hbac-1.9.2-82.4.AXS4.i686.rpm
    MD5: 6d5cf40502019db4cfc3663c44896214
    SHA-256: c2047fc5d390d2478b91b5fc5d8e73103541ba1e5a4636e5e5a85e2fd248327c
    Size: 79.25 kB
  2. libipa_hbac-python-1.9.2-82.4.AXS4.i686.rpm
    MD5: 434c77b4c6e716f9c153fc5f9bf22cea
    SHA-256: fbf1ff150a59f92d277b83de928cfc9c63412922c2d0fa83a0f2648e2c9a52e2
    Size: 73.27 kB
  3. libsss_autofs-1.9.2-82.4.AXS4.i686.rpm
    MD5: 06be6911bdc7d6ddc32a727aee02afd6
    SHA-256: 85f9723b598db64c65f46e3ccd8af0ffa69e241d932644a632889c84ac4ffe6e
    Size: 82.78 kB
  4. libsss_idmap-1.9.2-82.4.AXS4.i686.rpm
    MD5: 4a5bfe8ef84d81012878e2ebc2b23216
    SHA-256: cab87efc3066ab9c5c094f13c630eac44ece52fb64ab956268e5bb88b5a557c8
    Size: 81.43 kB
  5. libsss_sudo-1.9.2-82.4.AXS4.i686.rpm
    MD5: 661553cc8f63d4a73226d537ab90366b
    SHA-256: 20d494be1d9382fefbbee60a4ce3ab1d196dbc8329f93e9181319f3cbdcf8c54
    Size: 83.01 kB
  6. sssd-1.9.2-82.4.AXS4.i686.rpm
    MD5: a4b291e90ba05ccece98be266fded7a8
    SHA-256: 6d13cefe8f82e123353dd0b8b496689f6d3756b037c347736bcad6f13a58d3a3
    Size: 3.33 MB
  7. sssd-client-1.9.2-82.4.AXS4.i686.rpm
    MD5: 415adfee39ea3caec919327dc3261a73
    SHA-256: 35ab542e2abfffdf438ea5ef88a9eca22eae29e3d627fdb1ba029f7c91e85c34
    Size: 117.97 kB

Asianux Server 4 for x86_64
  1. libipa_hbac-1.9.2-82.4.AXS4.x86_64.rpm
    MD5: 11c1b4b86b779128928f9b2cb62afa1d
    SHA-256: 488e5c029898d61c8ffd70e33a9e6bdcc2443fb6c372c405a500e27449da31c5
    Size: 78.74 kB
  2. libipa_hbac-python-1.9.2-82.4.AXS4.x86_64.rpm
    MD5: fa6fa718e3a6aa6af07e42a4c353664e
    SHA-256: 24b74a4d66ed4c3eae21ac5bcb8389908a7eddc92bb8e86ed584ad262c6d1973
    Size: 73.24 kB
  3. libsss_autofs-1.9.2-82.4.AXS4.x86_64.rpm
    MD5: f65025f3d6dbab2ab666d5a319df1d2b
    SHA-256: d08851572fdbed0b04d4ab33c3fadd052b310aa8f6a6487a3711a44b10beeed3
    Size: 82.33 kB
  4. libsss_idmap-1.9.2-82.4.AXS4.x86_64.rpm
    MD5: 9875f12b5ac0ca01aa299110b33df249
    SHA-256: 7cd82721665211f4facd83e564f93cf52443533db2894a409ced5e906f703a05
    Size: 81.02 kB
  5. libsss_sudo-1.9.2-82.4.AXS4.x86_64.rpm
    MD5: 9d2ee286f7c0de05e8f24af2d2684053
    SHA-256: 4d06f76acd65ab450a8227471cb216dacacb021a3670c6bcdb40f7847617721c
    Size: 82.49 kB
  6. sssd-1.9.2-82.4.AXS4.x86_64.rpm
    MD5: 39a228e3fae60629cba60e9b0ffedc71
    SHA-256: ee0a9831a6591f4b8f414f23b6ead1b35180ec70d7be1dc17265ebde386832ca
    Size: 3.61 MB
  7. sssd-client-1.9.2-82.4.AXS4.x86_64.rpm
    MD5: 9c692e2dca3e650e2ab7b5768b82925f
    SHA-256: 262dc04b1f715ae9c75e9623508b38babd027b3bc86501c9250ef9c3bd2b0e99
    Size: 117.61 kB
  8. libipa_hbac-1.9.2-82.4.AXS4.i686.rpm
    MD5: 6d5cf40502019db4cfc3663c44896214
    SHA-256: c2047fc5d390d2478b91b5fc5d8e73103541ba1e5a4636e5e5a85e2fd248327c
    Size: 79.25 kB
  9. libsss_idmap-1.9.2-82.4.AXS4.i686.rpm
    MD5: 4a5bfe8ef84d81012878e2ebc2b23216
    SHA-256: cab87efc3066ab9c5c094f13c630eac44ece52fb64ab956268e5bb88b5a557c8
    Size: 81.43 kB
  10. sssd-client-1.9.2-82.4.AXS4.i686.rpm
    MD5: 415adfee39ea3caec919327dc3261a73
    SHA-256: 35ab542e2abfffdf438ea5ef88a9eca22eae29e3d627fdb1ba029f7c91e85c34
    Size: 117.97 kB