Lucene search
CentOS Update for libipa_hbac CESA-2013:0663 centos6
🗓️ 22 Mar 2013 00:00:00Reported by Copyright (c) 2013 Greenbone Networks GmbHType 
openvas🔗 plugins.openvas.org👁 17 Views
Update libipa_hbac for CentOS
Show more
| Reporter | Title | Published | Views | Family All 24 |
|---|---|---|---|---|
 | Fedora 18 : sssd-1.9.4-7.fc18 (2013-4193) | 1 Apr 201300:00 | – | nessus |
| Oracle Linux 6 : sssd (ELSA-2013-0663) | 12 Jul 201300:00 | – | nessus |
| RHEL 6 : sssd (RHSA-2013:0663) | 20 Mar 201300:00 | – | nessus |
| openSUSE Security Update : sssd (openSUSE-SU-2013:0559-1) | 13 Jun 201400:00 | – | nessus |
| Scientific Linux Security Update : sssd on SL6.x i386/x86_64 (20130319) | 20 Mar 201300:00 | – | nessus |
| CentOS 6 : sssd (CESA-2013:0663) | 21 Mar 201300:00 | – | nessus |
| Fedora Update for sssd FEDORA-2013-4193 | 2 Apr 201300:00 | – | openvas |
| CentOS Update for libipa_hbac CESA-2013:0663 centos6 | 22 Mar 201300:00 | – | openvas |
| Oracle: Security Advisory (ELSA-2013-0663) | 6 Oct 201500:00 | – | openvas |
| RedHat Update for sssd RHSA-2013:0663-01 | 22 Mar 201300:00 | – | openvas |
10
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for libipa_hbac CESA-2013:0663 centos6
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "SSSD (System Security Services Daemon) provides a set of daemons to manage
access to remote directories and authentication mechanisms. It provides
NSS (Name Service Switch) and PAM (Pluggable Authentication Modules)
interfaces toward the system and a pluggable back end system to connect to
multiple different account sources.
When SSSD was configured as a Microsoft Active Directory client by using
the new Active Directory provider (introduced in RHSA-2013:0508), the
Simple Access Provider ("access_provider = simple in
/etc/sssd/sssd.conf") did not handle access control correctly. If any
groups were specified with the simple_deny_groups option (in sssd.conf),
all users were permitted access. (CVE-2013-0287)
The CVE-2013-0287 issue was discovered by Kaushik Banerjee of Red Hat.
This update also fixes the following bugs:
* If a group contained a member whose Distinguished Name (DN) pointed out
of any of the configured search bases, the search request that was
processing this particular group never ran to completion. To the user, this
bug manifested as a long timeout between requesting the group data and
receiving the result. A patch has been provided to address this bug and
SSSD now processes group search requests without delays. (BZ#907362)
* The pwd_expiration_warning should have been set for seven days, but
instead it was set to zero for Kerberos. This incorrect zero setting
returned the "always display warning if the server sends one" error message
and users experienced problems in environments like IPA or Active
Directory. Currently, the value setting for Kerberos is modified and this
issue no longer occurs. (BZ#914671)
All users of sssd are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.";
tag_affected = "libipa_hbac on CentOS 6";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.centos.org/pipermail/centos-announce/2013-March/019657.html");
script_id(881693);
script_version("$Revision: 8448 $");
script_tag(name:"last_modification", value:"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $");
script_tag(name:"creation_date", value:"2013-03-22 10:40:33 +0530 (Fri, 22 Mar 2013)");
script_cve_id("CVE-2013-0287");
script_tag(name:"cvss_base", value:"4.9");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:N");
script_xref(name: "CESA", value: "2013:0663");
script_name("CentOS Update for libipa_hbac CESA-2013:0663 centos6 ");
script_tag(name: "summary" , value: "Check for the Version of libipa_hbac");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "CentOS6")
{
if ((res = isrpmvuln(pkg:"libipa_hbac", rpm:"libipa_hbac~1.9.2~82.4.el6_4", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libipa_hbac-devel", rpm:"libipa_hbac-devel~1.9.2~82.4.el6_4", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libipa_hbac-python", rpm:"libipa_hbac-python~1.9.2~82.4.el6_4", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libsss_autofs", rpm:"libsss_autofs~1.9.2~82.4.el6_4", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libsss_idmap", rpm:"libsss_idmap~1.9.2~82.4.el6_4", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libsss_idmap-devel", rpm:"libsss_idmap-devel~1.9.2~82.4.el6_4", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libsss_sudo", rpm:"libsss_sudo~1.9.2~82.4.el6_4", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libsss_sudo-devel", rpm:"libsss_sudo-devel~1.9.2~82.4.el6_4", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"sssd", rpm:"sssd~1.9.2~82.4.el6_4", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"sssd-client", rpm:"sssd-client~1.9.2~82.4.el6_4", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"sssd-tools", rpm:"sssd-tools~1.9.2~82.4.el6_4", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo22 Mar 2013 00:00Current
6.4Medium risk
Vulners AI Score6.4
EPSS0.00464