Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20151110_SSSD_ON_SL6_X.NASL
HistoryNov 11, 2015 - 12:00 a.m.

Scientific Linux Security Update : sssd on SL6.x i386/x86_64 (20151110)

2015-11-1100:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.014 Low

EPSS

Percentile

86.7%

JSON

It was found that SSSD’s Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. (CVE-2015-5292)

This update also fixes the following bugs :

  • Previously, SSSD did not correctly handle sudo rules that applied to groups with names containing special characters, such as the ‘(’ opening parenthesis sign.
    Consequently, SSSD skipped such sudo rules. The internal sysdb search has been modified to escape special characters when searching for objects to which sudo rules apply. As a result, SSSD applies the described sudo rules as expected.

  • Prior to this update, SSSD did not correctly handle group names containing special Lightweight Directory Access Protocol (LDAP) characters, such as the ‘(’ or ‘)’ parenthesis signs. When a group name contained one or more such characters, the internal cache cleanup operation failed with an I/O error. With this update, LDAP special characters in the Distinguished Name (DN) of a cache entry are escaped before the cleanup operation starts. As a result, the cleanup operation completes successfully in the described situation.

  • Applications performing Kerberos authentication previously increased the memory footprint of the Kerberos plug-in that parses the Privilege Attribute Certificate (PAC) information. The plug-in has been updated to free the memory it allocates, thus fixing this bug.

  • Previously, when malformed POSIX attributes were defined in an Active Directory (AD) LDAP server, SSSD unexpectedly switched to offline mode. This update relaxes certain checks for AD POSIX attribute validity.
    As a result, SSSD now works as expected even when malformed POSIX attributes are present in AD and no longer enters offline mode in the described situation.

After installing the update, the sssd service will be restarted automatically. Additionally, all running applications using the PAC responder plug-in must be restarted for the changes to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(86846);
  script_version("2.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2015-5292");

  script_name(english:"Scientific Linux Security Update : sssd on SL6.x i386/x86_64 (20151110)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was found that SSSD's Privilege Attribute Certificate (PAC)
responder plug-in would leak a small amount of memory on each
authentication request. A remote attacker could potentially use this
flaw to exhaust all available memory on the system by making repeated
requests to a Kerberized daemon application configured to authenticate
using the PAC responder plug-in. (CVE-2015-5292)

This update also fixes the following bugs :

  - Previously, SSSD did not correctly handle sudo rules
    that applied to groups with names containing special
    characters, such as the '(' opening parenthesis sign.
    Consequently, SSSD skipped such sudo rules. The internal
    sysdb search has been modified to escape special
    characters when searching for objects to which sudo
    rules apply. As a result, SSSD applies the described
    sudo rules as expected.

  - Prior to this update, SSSD did not correctly handle
    group names containing special Lightweight Directory
    Access Protocol (LDAP) characters, such as the '(' or
    ')' parenthesis signs. When a group name contained one
    or more such characters, the internal cache cleanup
    operation failed with an I/O error. With this update,
    LDAP special characters in the Distinguished Name (DN)
    of a cache entry are escaped before the cleanup
    operation starts. As a result, the cleanup operation
    completes successfully in the described situation.

  - Applications performing Kerberos authentication
    previously increased the memory footprint of the
    Kerberos plug-in that parses the Privilege Attribute
    Certificate (PAC) information. The plug-in has been
    updated to free the memory it allocates, thus fixing
    this bug.

  - Previously, when malformed POSIX attributes were defined
    in an Active Directory (AD) LDAP server, SSSD
    unexpectedly switched to offline mode. This update
    relaxes certain checks for AD POSIX attribute validity.
    As a result, SSSD now works as expected even when
    malformed POSIX attributes are present in AD and no
    longer enters offline mode in the described situation.

After installing the update, the sssd service will be restarted
automatically. Additionally, all running applications using the PAC
responder plug-in must be restarted for the changes to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1511&L=scientific-linux-errata&F=&S=&P=2022
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e2c6b9d8"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libipa_hbac");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libipa_hbac-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libipa_hbac-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsss_idmap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsss_idmap-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsss_nss_idmap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsss_nss_idmap-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsss_nss_idmap-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsss_simpleifp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsss_simpleifp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-sssdconfig");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-ad");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-common-pac");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-dbus");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-ipa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-krb5-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-proxy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:sssd-tools");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/11/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/11");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"libipa_hbac-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"libipa_hbac-devel-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"libipa_hbac-python-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"libsss_idmap-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"libsss_idmap-devel-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"libsss_nss_idmap-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"libsss_nss_idmap-devel-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"libsss_nss_idmap-python-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"libsss_simpleifp-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"libsss_simpleifp-devel-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"python-sssdconfig-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"sssd-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"sssd-ad-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"sssd-client-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"sssd-common-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"sssd-common-pac-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"sssd-dbus-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"sssd-debuginfo-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"sssd-ipa-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"sssd-krb5-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"sssd-krb5-common-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"sssd-ldap-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"sssd-proxy-1.12.4-47.el6_7.4")) flag++;
if (rpm_check(release:"SL6", reference:"sssd-tools-1.12.4-47.el6_7.4")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libipa_hbac / libipa_hbac-devel / libipa_hbac-python / libsss_idmap / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxlibipa_hbacp-cpe:/a:fermilab:scientific_linux:libipa_hbac
fermilabscientific_linuxlibipa_hbac-develp-cpe:/a:fermilab:scientific_linux:libipa_hbac-devel
fermilabscientific_linuxlibipa_hbac-pythonp-cpe:/a:fermilab:scientific_linux:libipa_hbac-python
fermilabscientific_linuxlibsss_idmapp-cpe:/a:fermilab:scientific_linux:libsss_idmap
fermilabscientific_linuxlibsss_idmap-develp-cpe:/a:fermilab:scientific_linux:libsss_idmap-devel
fermilabscientific_linuxlibsss_nss_idmapp-cpe:/a:fermilab:scientific_linux:libsss_nss_idmap
fermilabscientific_linuxlibsss_nss_idmap-develp-cpe:/a:fermilab:scientific_linux:libsss_nss_idmap-devel
fermilabscientific_linuxlibsss_nss_idmap-pythonp-cpe:/a:fermilab:scientific_linux:libsss_nss_idmap-python
fermilabscientific_linuxlibsss_simpleifpp-cpe:/a:fermilab:scientific_linux:libsss_simpleifp
fermilabscientific_linuxlibsss_simpleifp-develp-cpe:/a:fermilab:scientific_linux:libsss_simpleifp-devel
Rows per page:
1-10 of 251

Related

cve 1
oraclelinux 2
redhat 2
openvas 7
f5 1
fedora 3
nessus 12
amazon 1
debiancve 1
prion 1
centos 2
ubuntucve 1
veracode 1
cvelist 1
nvd 1
cve
cve
CVE-2015-5292
2015-10-29 16:59:00
oraclelinux
oraclelinux
sssd security and bug fix update
2015-11-10 00:00:00
sssd security, bug fix, and enhancement update
2015-11-24 00:00:00
redhat
redhat
(RHSA-2015:2019) Low: sssd security and bug fix update
2015-11-10 00:00:00
(RHSA-2015:2355) Low: sssd security, bug fix, and enhancement update
2015-11-19 13:37:40
openvas
openvas
Oracle: Security Advisory (ELSA-2015-2355)
2015-11-25 00:00:00
Fedora Update for sssd FEDORA-2015-7
2015-10-21 00:00:00
Oracle: Security Advisory (ELSA-2015-2019)
2015-11-11 00:00:00
f5
f5
K48523069 : System Security Services Daemon vulnerability CVE-2015-5292
2017-09-13 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: sssd-1.13.1-2.fc23
2015-10-11 16:08:12
[SECURITY] Fedora 22 Update: sssd-1.13.1-2.fc22
2015-10-20 01:56:37
[SECURITY] Fedora 21 Update: sssd-1.12.5-4.fc21
2015-10-20 02:54:52
nessus
nessus
Scientific Linux Security Update : sssd on SL7.x x86_64 (20151119)
2015-12-22 00:00:00
Oracle Linux 6 : sssd (ELSA-2015-2019)
2015-11-11 00:00:00
Oracle Linux 7 : sssd (ELSA-2015-2355)
2015-11-30 00:00:00
amazon
amazon
Low: sssd
2016-01-18 11:00:00
debiancve
debiancve
CVE-2015-5292
2015-10-29 16:59:00
prion
prion
Authentication flaw
2015-10-29 16:59:00
centos
centos
libipa_hbac, libsss_idmap, libsss_nss_idmap, libsss_simpleifp, python, sssd security update
2015-11-10 13:43:26
libipa_hbac, libsss_idmap, libsss_nss_idmap, libsss_simpleifp, python, sssd security update
2015-11-30 19:52:40
ubuntucve
ubuntucve
CVE-2015-5292
2015-10-29 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:08:22
cvelist
cvelist
CVE-2015-5292
2015-10-29 16:00:00
nvd
nvd
CVE-2015-5292
2015-10-29 16:59:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.014 Low

EPSS

Percentile

86.7%

JSON
Related for SL_20151110_SSSD_ON_SL6_X.NASL
cve1oraclelinux2redhat2openvas7f51fedora3nessus12amazon1debiancve1prion1centos2ubuntucve1veracode1cvelist1nvd1