Red Hat: 2013:1319-01: sssd: Low Advisory
Posted by Benjamin D. Thomas
Red Hat Linux: Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact.
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: sssd security and bug fix update
Advisory ID:       RHSA-2013:1319-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1319.html
Issue date:        2013-09-30
CVE Names:         CVE-2013-0219 
=====================================================================

1. Summary:

Updated sssd packages that fix one security issue and several bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

SSSD (System Security Services Daemon) provides a set of daemons to manage
access to remote directories and authentication mechanisms. It provides NSS
(Name Service Switch) and PAM (Pluggable Authentication Modules) interfaces
toward the system and a pluggable back end system to connect to multiple
different account sources.

A race condition was found in the way SSSD copied and removed user home
directories. A local attacker who is able to write into the home directory
of a different user who is being removed could use this flaw to perform
symbolic link attacks, possibly allowing them to modify and delete
arbitrary files with the privileges of the root user. (CVE-2013-0219)

The CVE-2013-0219 issue was discovered by Florian Weimer of the Red Hat
Product Security Team.
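
The flaw above is a classic check-to-use race on a path: code that stats a path and then acts on it by name can be redirected if an entry is swapped for a symbolic link in between. The following is an added example, not code from the advisory or from the SSSD project, showing the defensive pattern for removing a user's directory tree as root: walk the tree relative to open directory descriptors (openat, fstatat with AT_SYMLINK_NOFOLLOW, unlinkat), open subdirectories with O_NOFOLLOW so a swapped-in link makes the open fail instead of being followed, and confirm the top directory's owner before touching anything. The function names remove_contents, remove_tree_nofollow and demo_symlink_is_not_followed are hypothetical, and the code assumes a Linux/POSIX.1-2008 system with the *at() calls; the fixture it builds under /tmp is constructed for the demonstration.

```c
/* Added example (not SSSD code): remove a directory tree as a privileged
 * process without ever following a symbolic link, closing the TOCTOU
 * window described in CVE-2013-0219. Hypothetical helper names. */
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove everything inside the open directory dirfd. Every entry is
 * examined and removed relative to dirfd, never through a full path that
 * could be re-pointed underneath us. Returns 0 on success, -1 on error. */
static int remove_contents(int dirfd)
{
    int dupfd = dup(dirfd);
    if (dupfd < 0) return -1;
    DIR *d = fdopendir(dupfd);             /* fdopendir takes ownership of dupfd */
    if (!d) { close(dupfd); return -1; }

    struct dirent *de;
    int rc = 0;
    while (rc == 0 && (de = readdir(d)) != NULL) {
        if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0)
            continue;
        struct stat st;
        /* AT_SYMLINK_NOFOLLOW reports a symlink as a symlink, not as its target. */
        if (fstatat(dirfd, de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) { rc = -1; break; }
        if (S_ISDIR(st.st_mode)) {
            /* O_NOFOLLOW | O_DIRECTORY closes the check-to-use window: if the
             * entry was swapped for a symlink after fstatat, this open fails
             * instead of descending into the link target. */
            int sub = openat(dirfd, de->d_name,
                             O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
            if (sub < 0) { rc = -1; break; }
            rc = remove_contents(sub);
            close(sub);
            if (rc == 0 && unlinkat(dirfd, de->d_name, AT_REMOVEDIR) < 0) rc = -1;
        } else if (unlinkat(dirfd, de->d_name, 0) < 0) {
            rc = -1;   /* regular files and symlinks: the entry itself is removed */
        }
    }
    closedir(d);
    return rc;
}

/* Remove the directory at path and everything below it without following
 * symbolic links. If expected_uid is not (uid_t)-1, refuse to act unless
 * the top directory is owned by that user (checked on the open fd). */
int remove_tree_nofollow(const char *path, uid_t expected_uid)
{
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;                  /* ELOOP if path is itself a symlink */
    struct stat st;
    if (fstat(fd, &st) < 0) { close(fd); return -1; }
    if (expected_uid != (uid_t)-1 && st.st_uid != expected_uid) {
        close(fd); errno = EPERM; return -1;
    }
    int rc = remove_contents(fd);
    close(fd);
    if (rc < 0) return -1;
    return rmdir(path);                     /* rmdir never follows a symlink */
}

/* Constructed fixture: a "home" tree containing a symlink that points at a
 * separate "victim" directory, the situation the advisory describes.
 * Returns 1 if the victim file survives and the home tree is gone. */
int demo_symlink_is_not_followed(void)
{
    char base[] = "/tmp/nofollow-demo-XXXXXX";
    if (!mkdtemp(base)) return 0;
    char victim[512], victim_file[512], home[512], link[512];
    snprintf(victim, sizeof victim, "%s/victim", base);
    snprintf(victim_file, sizeof victim_file, "%s/victim/secret.txt", base);
    snprintf(home, sizeof home, "%s/home", base);
    snprintf(link, sizeof link, "%s/home/escape", base);
    if (mkdir(victim, 0700) < 0 || mkdir(home, 0700) < 0) return 0;
    FILE *f = fopen(victim_file, "w");
    if (!f) return 0;
    fputs("keep me\n", f);
    fclose(f);
    if (symlink(victim, link) < 0) return 0;

    if (remove_tree_nofollow(home, getuid()) < 0) return 0;

    struct stat st;
    int victim_ok = (stat(victim_file, &st) == 0);
    int home_gone = (lstat(home, &st) < 0 && errno == ENOENT);
    remove_tree_nofollow(base, getuid());   /* clean up the fixture */
    return victim_ok && home_gone;
}

int main(void)
{
    printf("%s\n", demo_symlink_is_not_followed()
                   ? "link target preserved, tree removed" : "FAILED");
    return 0;
}
```

The owner check is done with fstat on the descriptor that was actually opened, not with a stat by name, so it cannot be satisfied by a different object than the one being removed. A swapped-in link makes openat fail with ELOOP and the walk stops with an error rather than continuing into whatever the link pointed at.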

This update also fixes the following bugs:

* After a paging control was used, memory in the sssd_be process was never
freed which led to the growth of the sssd_be process memory usage over
time. To fix this bug, the paging control was deallocated after use, and
thus the memory usage of the sssd_be process no longer grows. (BZ#820908)

* If the sssd_be process was terminated and recreated while there were
authentication requests pending, the sssd_pam process did not recover
correctly and did not reconnect to the new sssd_be process. Consequently,
the sssd_pam process was seemingly blocked and did not accept any new
authentication requests. The sssd_pam process has been fixed so that it
reconnects to the new instance of the sssd_be process after the original
one terminated unexpectedly. Even after a crash and reconnect, the sssd_pam
process now accepts new authentication requests. (BZ#882414)

* When the sssd_be process hung for a while, it was terminated and a new
instance was created. If the old instance did not respond to the TERM
signal and continued running, SSSD terminated unexpectedly. As a
consequence, the user could not log in. SSSD now keeps track of sssd_be
subprocesses more effectively, making the restarts of sssd_be more reliable
in such scenarios. Users can now log in even when sssd_be becomes
unresponsive and has to be restarted. (BZ#886165)

* In case the processing of an LDAP request took longer than the client
timeout upon completing the request (60 seconds by default), the PAM client
could have accessed memory that was previously freed due to the client
timeout being reached. As a result, the sssd_pam process terminated
unexpectedly with a segmentation fault. SSSD now ignores an LDAP request
result when it detects that the set timeout of this request has been
reached. The sssd_pam process no longer crashes in the aforementioned
scenario. (BZ#923813)

* When there was a heavy load of users and groups to be saved in cache,
SSSD experienced a timeout. Consequently, NSS did not start the backup
process properly and it was impossible to log in. A patch has been provided
to fix this bug. The SSSD daemon now remains responsive and the login
continues as expected. (BZ#805729)

* SSSD kept the file descriptors to the log files open.  Consequently, on
occasions like moving the actual log file and restarting the back end, SSSD
still kept the file descriptors open. SSSD now closes the file descriptor
after the child process execution; after a successful back end start, the
file descriptor to log files is closed. (BZ#961680)

* While performing access control in the Identity Management back end, SSSD
erroneously downloaded the "member" attribute from the server and then
attempted to use it in the cache verbatim. Consequently, the cache
attempted to use the "member" attribute values as if they were pointing to
the local cache which was CPU intensive. The member attribute when
processing host groups is no longer downloaded and processed. Moreover, the
login process is reasonably fast even with large host groups. (BZ#979047)

All sssd users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

884254 - CVE-2013-0219 sssd: TOCTOU race conditions by copying and removing directory trees
961680 - sssd components seem to mishandle sighup
974036 - sssd core process keeps running after backends quit
979047 - sssd_be goes to 99% CPU and causes significant login delays when client is under load

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sssd-1.5.1-70.el5.src.rpm

i386:
libipa_hbac-1.5.1-70.el5.i386.rpm
libipa_hbac-devel-1.5.1-70.el5.i386.rpm
libipa_hbac-python-1.5.1-70.el5.i386.rpm
sssd-1.5.1-70.el5.i386.rpm
sssd-client-1.5.1-70.el5.i386.rpm
sssd-debuginfo-1.5.1-70.el5.i386.rpm
sssd-tools-1.5.1-70.el5.i386.rpm

x86_64:
libipa_hbac-1.5.1-70.el5.i386.rpm
libipa_hbac-1.5.1-70.el5.x86_64.rpm
libipa_hbac-devel-1.5.1-70.el5.i386.rpm
libipa_hbac-devel-1.5.1-70.el5.x86_64.rpm
libipa_hbac-python-1.5.1-70.el5.x86_64.rpm
sssd-1.5.1-70.el5.x86_64.rpm
sssd-client-1.5.1-70.el5.i386.rpm
sssd-client-1.5.1-70.el5.x86_64.rpm
sssd-debuginfo-1.5.1-70.el5.i386.rpm
sssd-debuginfo-1.5.1-70.el5.x86_64.rpm
sssd-tools-1.5.1-70.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sssd-1.5.1-70.el5.src.rpm

i386:
libipa_hbac-1.5.1-70.el5.i386.rpm
libipa_hbac-devel-1.5.1-70.el5.i386.rpm
libipa_hbac-python-1.5.1-70.el5.i386.rpm
sssd-1.5.1-70.el5.i386.rpm
sssd-client-1.5.1-70.el5.i386.rpm
sssd-debuginfo-1.5.1-70.el5.i386.rpm
sssd-tools-1.5.1-70.el5.i386.rpm

ia64:
libipa_hbac-1.5.1-70.el5.ia64.rpm
libipa_hbac-devel-1.5.1-70.el5.ia64.rpm
libipa_hbac-python-1.5.1-70.el5.ia64.rpm
sssd-1.5.1-70.el5.ia64.rpm
sssd-client-1.5.1-70.el5.i386.rpm
sssd-client-1.5.1-70.el5.ia64.rpm
sssd-debuginfo-1.5.1-70.el5.i386.rpm
sssd-debuginfo-1.5.1-70.el5.ia64.rpm
sssd-tools-1.5.1-70.el5.ia64.rpm

ppc:
libipa_hbac-1.5.1-70.el5.ppc.rpm
libipa_hbac-1.5.1-70.el5.ppc64.rpm
libipa_hbac-devel-1.5.1-70.el5.ppc.rpm
libipa_hbac-devel-1.5.1-70.el5.ppc64.rpm
libipa_hbac-python-1.5.1-70.el5.ppc.rpm
sssd-1.5.1-70.el5.ppc.rpm
sssd-client-1.5.1-70.el5.ppc.rpm
sssd-client-1.5.1-70.el5.ppc64.rpm
sssd-debuginfo-1.5.1-70.el5.ppc.rpm
sssd-debuginfo-1.5.1-70.el5.ppc64.rpm
sssd-tools-1.5.1-70.el5.ppc.rpm

s390x:
libipa_hbac-1.5.1-70.el5.s390.rpm
libipa_hbac-1.5.1-70.el5.s390x.rpm
libipa_hbac-devel-1.5.1-70.el5.s390.rpm
libipa_hbac-devel-1.5.1-70.el5.s390x.rpm
libipa_hbac-python-1.5.1-70.el5.s390x.rpm
sssd-1.5.1-70.el5.s390x.rpm
sssd-client-1.5.1-70.el5.s390.rpm
sssd-client-1.5.1-70.el5.s390x.rpm
sssd-debuginfo-1.5.1-70.el5.s390.rpm
sssd-debuginfo-1.5.1-70.el5.s390x.rpm
sssd-tools-1.5.1-70.el5.s390x.rpm

x86_64:
libipa_hbac-1.5.1-70.el5.i386.rpm
libipa_hbac-1.5.1-70.el5.x86_64.rpm
libipa_hbac-devel-1.5.1-70.el5.i386.rpm
libipa_hbac-devel-1.5.1-70.el5.x86_64.rpm
libipa_hbac-python-1.5.1-70.el5.x86_64.rpm
sssd-1.5.1-70.el5.x86_64.rpm
sssd-client-1.5.1-70.el5.i386.rpm
sssd-client-1.5.1-70.el5.x86_64.rpm
sssd-debuginfo-1.5.1-70.el5.i386.rpm
sssd-debuginfo-1.5.1-70.el5.x86_64.rpm
sssd-tools-1.5.1-70.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0219.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
 