RHSA-2013:0663: sssd security and bug fix update
Description
SSSD (System Security Services Daemon) provides a set of daemons to manageaccess to remote directories and authentication mechanisms. It providesNSS (Name Service Switch) and PAM (Pluggable Authentication Modules)interfaces toward the system and a pluggable back end system to connect tomultiple different account sources.When SSSD was configured as a Microsoft Active Directory client by usingthe new Active Directory provider (introduced in RHSA-2013:0508), theSimple Access Provider ("access_provider = simple" in"/etc/sssd/sssd.conf") did not handle access control correctly. If anygroups were specified with the "simple_deny_groups" option (in sssd.conf),all users were permitted access. (CVE-2013-0287)The CVE-2013-0287 issue was discovered by Kaushik Banerjee of Red Hat.This update also fixes the following bugs:All users of sssd are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues.
Solution(s)
- redhat-upgrade-libipa_hbac
- redhat-upgrade-libipa_hbac-devel
- redhat-upgrade-libipa_hbac-python
- redhat-upgrade-libsss_autofs
- redhat-upgrade-libsss_idmap
- redhat-upgrade-libsss_idmap-devel
- redhat-upgrade-libsss_sudo
- redhat-upgrade-libsss_sudo-devel
- redhat-upgrade-sssd
- redhat-upgrade-sssd-client
- redhat-upgrade-sssd-debuginfo
- redhat-upgrade-sssd-tools
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center