Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.CENTOS_RHSA-2017-3379.NASL
HistoryDec 07, 2017 - 12:00 a.m.

CentOS 7 : sssd (CESA-2017:3379)

2017-12-0700:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.3%

JSON

An update for sssd is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

Security Fix(es) :

  • It was found that sssd’s sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. (CVE-2017-12173)

This issue was discovered by Sumit Bose (Red Hat).

Bug Fix(es) :

  • Previously, SSSD’s krb5 provider did not respect changed UIDs in ID views overriding the default view. Consequently, Kerberos credential caches were created with the incorrect, original UID, and processes of the user were not able to find the changed UID. With this update, SSSD’s krb5 provider is made aware of the proper ID view name and respects the ID override data. As a result, the Kerberos credential cache is now created with the expected UID, and the processes can find it. (BZ#1508972)

  • Previously, the list of cache request domains was sometimes freed in the middle of a cache request operation due to the refresh domains request, as they both were using the same list. As a consequence, a segmentation fault sometimes occurred in SSSD. With this update, SSSD uses a copy of the cache request domains’ list for each cache request.
    As a result, SSSD no longer crashes in this case. (BZ#1509177)

  • Previously, the calls provided by SSSD to send data to the Privilege Attribute Certificate (PAC) responder did not use a mutex or any other means to serialize access to the PAC responder from a single process.
    When multithreaded applications overran the PAC responder with multiple parallel requests, some threads did not receive a proper reply. Consequently, such threads only resumed work after waiting 5 minutes for a response. This update configures mutex to serialize access to the PAC responder socket for multithreaded applications. As a result, all threads now get a proper and timely reply. (BZ#1506682)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2017:3379 and 
# CentOS Errata and Security Advisory 2017:3379 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(105059);
  script_version("3.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2017-12173");
  script_xref(name:"RHSA", value:"2017:3379");

  script_name(english:"CentOS 7 : sssd (CESA-2017:3379)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An update for sssd is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The System Security Services Daemon (SSSD) service provides a set of
daemons to manage access to remote directories and authentication
mechanisms. It also provides the Name Service Switch (NSS) and the
Pluggable Authentication Modules (PAM) interfaces toward the system,
and a pluggable back-end system to connect to multiple different
account sources.

Security Fix(es) :

* It was found that sssd's sysdb_search_user_by_upn_res() function did
not sanitize requests when querying its local cache and was vulnerable
to injection. In a centralized login environment, if a password hash
was locally cached for a given user, an authenticated attacker could
use this flaw to retrieve it. (CVE-2017-12173)

This issue was discovered by Sumit Bose (Red Hat).

Bug Fix(es) :

* Previously, SSSD's krb5 provider did not respect changed UIDs in ID
views overriding the default view. Consequently, Kerberos credential
caches were created with the incorrect, original UID, and processes of
the user were not able to find the changed UID. With this update,
SSSD's krb5 provider is made aware of the proper ID view name and
respects the ID override data. As a result, the Kerberos credential
cache is now created with the expected UID, and the processes can find
it. (BZ#1508972)

* Previously, the list of cache request domains was sometimes freed in
the middle of a cache request operation due to the refresh domains
request, as they both were using the same list. As a consequence, a
segmentation fault sometimes occurred in SSSD. With this update, SSSD
uses a copy of the cache request domains' list for each cache request.
As a result, SSSD no longer crashes in this case. (BZ#1509177)

* Previously, the calls provided by SSSD to send data to the Privilege
Attribute Certificate (PAC) responder did not use a mutex or any other
means to serialize access to the PAC responder from a single process.
When multithreaded applications overran the PAC responder with
multiple parallel requests, some threads did not receive a proper
reply. Consequently, such threads only resumed work after waiting 5
minutes for a response. This update configures mutex to serialize
access to the PAC responder socket for multithreaded applications. As
a result, all threads now get a proper and timely reply. (BZ#1506682)"
  );
  # https://lists.centos.org/pipermail/centos-announce/2017-December/022685.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d7ce01c6"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected sssd packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12173");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libipa_hbac");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libipa_hbac-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsss_autofs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsss_certmap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsss_certmap-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsss_idmap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsss_idmap-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsss_nss_idmap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsss_nss_idmap-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsss_simpleifp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsss_simpleifp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsss_sudo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-libipa_hbac");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-libsss_nss_idmap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-sss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-sss-murmur");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-sssdconfig");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-ad");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-common-pac");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-dbus");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-ipa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-kcm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-krb5-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-libwbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-libwbclient-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-polkit-rules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-proxy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sssd-winbind-idmap");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/07");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libipa_hbac-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libipa_hbac-devel-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsss_autofs-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsss_certmap-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsss_certmap-devel-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsss_idmap-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsss_idmap-devel-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsss_nss_idmap-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsss_nss_idmap-devel-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsss_simpleifp-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsss_simpleifp-devel-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsss_sudo-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-libipa_hbac-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-libsss_nss_idmap-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-sss-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-sss-murmur-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-sssdconfig-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-ad-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-client-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-common-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-common-pac-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-dbus-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-ipa-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-kcm-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-krb5-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-krb5-common-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-ldap-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-libwbclient-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-libwbclient-devel-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-polkit-rules-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-proxy-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-tools-1.15.2-50.el7_4.8")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"sssd-winbind-idmap-1.15.2-50.el7_4.8")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libipa_hbac / libipa_hbac-devel / libsss_autofs / libsss_certmap / etc");
}
VendorProductVersionCPE
centoscentoslibipa_hbacp-cpe:/a:centos:centos:libipa_hbac
centoscentoslibipa_hbac-develp-cpe:/a:centos:centos:libipa_hbac-devel
centoscentoslibsss_autofsp-cpe:/a:centos:centos:libsss_autofs
centoscentoslibsss_certmapp-cpe:/a:centos:centos:libsss_certmap
centoscentoslibsss_certmap-develp-cpe:/a:centos:centos:libsss_certmap-devel
centoscentoslibsss_idmapp-cpe:/a:centos:centos:libsss_idmap
centoscentoslibsss_idmap-develp-cpe:/a:centos:centos:libsss_idmap-devel
centoscentoslibsss_nss_idmapp-cpe:/a:centos:centos:libsss_nss_idmap
centoscentoslibsss_nss_idmap-develp-cpe:/a:centos:centos:libsss_nss_idmap-devel
centoscentoslibsss_simpleifpp-cpe:/a:centos:centos:libsss_simpleifp
Rows per page:
1-10 of 351

Related

nessus 20
amazon 1
openvas 11
mageia 1
ubuntucve 1
fedora 3
veracode 1
centos 2
cve 1
debiancve 1
redhatcve 1
redhat 2
ubuntu 1
cvelist 1
oraclelinux 2
nvd 1
prion 1
nessus
nessus
EulerOS Virtualization 2.5.1 : sssd (EulerOS-SA-2018-1273)
2018-09-18 00:00:00
Oracle Linux 6 : ding-libs / sssd (ELSA-2018-1877)
2018-06-27 00:00:00
EulerOS 2.0 SP2 : sssd (EulerOS-SA-2017-1325)
2017-12-18 00:00:00
amazon
amazon
Medium: sssd
2017-12-20 18:56:00
openvas
openvas
Mageia: Security Advisory (MGASA-2017-0421)
2022-01-28 00:00:00
CentOS Update for libipa_hbac CESA-2017:3379 centos7
2017-12-07 00:00:00
RedHat Update for sssd RHSA-2017:3379-01
2017-12-05 00:00:00
mageia
mageia
Updated sssd packages fix security vulnerability
2017-11-21 00:18:02
ubuntucve
ubuntucve
CVE-2017-12173
2017-10-05 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: sssd-1.15.3-5.fc26
2017-10-21 22:22:21
[SECURITY] Fedora 27 Update: sssd-1.15.3-5.fc27
2017-10-24 20:09:19
[SECURITY] Fedora 25 Update: sssd-1.15.3-5.fc25
2017-10-27 15:05:50
veracode
veracode
Information Disclosure
2019-01-15 09:21:00
centos
centos
libipa_hbac, libsss_autofs, libsss_certmap, libsss_idmap, libsss_nss_idmap, libsss_simpleifp, libsss_sudo, python, sssd security update
2017-12-06 13:24:51
libbasicobjects, libcollection, libdhash, libini_config, libipa_hbac, libpath_utils, libref_array, libsss_idmap, libsss_nss_idmap, libsss_simpleifp, python, sssd security update
2018-06-21 11:55:11
cve
cve
CVE-2017-12173
2018-07-27 16:29:00
debiancve
debiancve
CVE-2017-12173
2018-07-27 16:29:00
redhatcve
redhatcve
CVE-2017-12173
2017-10-04 12:48:55
redhat
redhat
(RHSA-2018:1877) Moderate: sssd and ding-libs security and bug fix update
2018-06-19 02:11:36
(RHSA-2017:3379) Moderate: sssd security and bug fix update
2017-12-04 18:51:06
ubuntu
ubuntu
SSSD vulnerability
2018-01-10 00:00:00
cvelist
cvelist
CVE-2017-12173
2018-07-27 16:00:00
oraclelinux
oraclelinux
sssd security and bug fix update
2017-12-04 00:00:00
sssd and ding-libs security and bug fix update
2018-06-25 00:00:00
nvd
nvd
CVE-2017-12173
2018-07-27 16:29:00
prion
prion
Design/Logic Flaw
2018-07-27 16:29:00

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.3%

JSON
Related for CENTOS_RHSA-2017-3379.NASL
nessus20amazon1openvas11mageia1ubuntucve1fedora3veracode1centos2cve1debiancve1redhatcve1redhat2ubuntu1cvelist1oraclelinux2nvd1prion1