CentOS Local Security Checks : CentOS Update for sssd CESA-2011:0975 centos5 i386

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.880983

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for sssd CESA-2011:0975 centos5 i386

Zusammenfassung: The remote host is missing an update for the 'sssd'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'sssd'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The System Security Services Daemon (SSSD) provides a set of daemons to
manage access to remote directories and authentication mechanisms. It
provides an NSS and PAM interface toward the system and a pluggable
back-end system to connect to multiple different account sources. It is
also the basis to provide client auditing and policy services for projects
such as FreeIPA.

A flaw was found in the SSSD PAM responder that could allow a local
attacker to force SSSD to enter an infinite loop via a carefully-crafted
packet. With SSSD unresponsive, legitimate users could be denied the
ability to log in to the system. (CVE-2010-4341)

Red Hat would like to thank Sebastian Krahmer for reporting this issue.

These updated sssd packages include a number of bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Refer to
the linked Red Hat Enterprise Linux 5.7 Technical Notes for information about
these changes.

All sssd users are advised to upgrade to these updated sssd packages, which
upgrade SSSD to upstream version 1.5.1 to correct this issue, and fix the
bugs and add the enhancements noted in the Technical Notes.

Affected Software/OS:
sssd on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-4341
BugTraq ID: 45961
http://www.securityfocus.com/bid/45961
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html
http://www.redhat.com/support/errata/RHSA-2011-0560.html
http://www.redhat.com/support/errata/RHSA-2011-0975.html
http://secunia.com/advisories/43053
http://secunia.com/advisories/43055
http://secunia.com/advisories/43068
SuSE Security Announcement: SUSE-SR:2011:002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.vupen.com/english/advisories/2011/0197
http://www.vupen.com/english/advisories/2011/0212
XForce ISS Database: sssd-pamparseindatav2-dos(64881)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64881

Copyright Copyright (C) 2011 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.880983
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for sssd CESA-2011:0975 centos5 i386
Zusammenfassung:	The remote host is missing an update for the 'sssd'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'sssd' package(s) announced via the referenced advisory. Vulnerability Insight: The System Security Services Daemon (SSSD) provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects such as FreeIPA. A flaw was found in the SSSD PAM responder that could allow a local attacker to force SSSD to enter an infinite loop via a carefully-crafted packet. With SSSD unresponsive, legitimate users could be denied the ability to log in to the system. (CVE-2010-4341) Red Hat would like to thank Sebastian Krahmer for reporting this issue. These updated sssd packages include a number of bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Refer to the linked Red Hat Enterprise Linux 5.7 Technical Notes for information about these changes. All sssd users are advised to upgrade to these updated sssd packages, which upgrade SSSD to upstream version 1.5.1 to correct this issue, and fix the bugs and add the enhancements noted in the Technical Notes. Affected Software/OS: sssd on CentOS 5 Solution: Please install the updated packages. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4341 BugTraq ID: 45961 http://www.securityfocus.com/bid/45961 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html http://www.redhat.com/support/errata/RHSA-2011-0560.html http://www.redhat.com/support/errata/RHSA-2011-0975.html http://secunia.com/advisories/43053 http://secunia.com/advisories/43055 http://secunia.com/advisories/43068 SuSE Security Announcement: SUSE-SR:2011:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://www.vupen.com/english/advisories/2011/0197 http://www.vupen.com/english/advisories/2011/0212 XForce ISS Database: sssd-pamparseindatav2-dos(64881) https://exchange.xforce.ibmcloud.com/vulnerabilities/64881
Copyright	Copyright (C) 2011 Greenbone AG