Detections
Analytics

Oracle Linux 5 : sssd (ELSA-2011-0975)

medium Nessus Plugin ID 181078

Language:

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0975 advisory.

 [1.5.1-37]
 - Reverts: rhbz#680443 - Dynamic DNS update fails if multiple servers are
 - given in ipa_server config option

 [1.5.1-36]
 - Resolves: rhbz#709333 - sssd. should require sssd-client.

 [1.5.1-35]
 - Resolves: rhbz#707340 - latest sssd fails if ldap_default_authtok_type is
 - not mentioned
 - Resolves: rhbz#707574 - SSSD's async resolver only tries the first
 - nameserver in /etc/resolv.conf

 [1.5.1-34]
 - Resolves: rhbz#701702 - sssd client libraries use select() but should use
 - poll() instead

 [1.5.1-33]
 - Related: rhbz#700858 - Automatic TGT renewal overwrites cached password
 - Fix segfault in TGT renewal

 [1.5.1-32]
 - Resolves: rhbz#700858 - Automatic TGT renewal overwrites cached password

 [1.5.1-30]
 - Resolves: rhbz#696979 - Filters not honoured against fully-qualified users

 [1.5.1-29]
 - Resolves: rhbz#694149 - SSSD consumes GBs of RAM, possible memory leak

 [1.5.1-28]
 - Related: rhbz#691900 - SSSD needs to fall back to 'cn' for GECOS
 - information

 [1.5.1-27]
 - Related: rhbz#694853 - SSSD crashes during getent when anonymous bind is
 - disabled

 [1.5.1-26]
 - Resolves: rhbz#695476 - Unable to resolve SRV record when called with [in ldap_uri]
 - Related: rhbz#694853 - SSSD crashes during getent when anonymous bind is
 - disabled

 [1.5.1-25]
 - Resolves: rhbz#694853 - SSSD crashes during getent when anonymous bind is
 - disabled

 [1.5.1-24]
 - Resolves: rhbz#692960 - Process /usr/libexec/sssd/sssd_be was killed by
 - signal 11 (SIGSEGV)
 - Fix is to not attempt to resolve nameless servers

 [1.5.1-23]
 - Resolves: rhbz#691900 - SSSD needs to fall back to 'cn' for GECOS
 - information

 [1.5.1-21]
 - Resolves: rhbz#690867 - Groups with a zero-length memberuid attribute can
 - cause SSSD to stop caching and responding to
 - requests

 [1.5.1-20]
 - Resolves: rhbz#690287 - Traceback messages seen while interrupting
 - sss_obfuscate using ctrl+d
 - Resolves: rhbz#690814 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process
 - /usr/libexec/sssd/sssd_be was killed by signal 11
 - (SIGSEGV)

 [1.5.1-19]
 - Related: rhbz#690096 - SSSD should skip over groups with multiple names

 [1.5.1-18]
 - Resolves: rhbz#690093 - SSSD breaks on RDNs with a comma in them
 - Resolves: rhbz#690096 - SSSD should skip over groups with multiple names
 - Resolves: rhbz#689887 - group memberships are not populated correctly during
 - IPA provider initgroups
 - Resolves: rhbz#688697 - Skip users and groups that have incomplete contents
 - Resolves: rhbz#688694 - authconfig fails when access_provider is set as krb5
 - in sssd.conf

 [1.5.1-17]
 - Resolves: rhbz#688677 - Build SSSD in RHEL 5.7 against openldap24-libs
 - Adds support for following LDAP referrals and using Mozilla NSS for crypto
 - support

 [1.5.1-16]
 - Resolves: rhbz#683260 - sudo/ldap lookup via sssd gets stuck for 5min
 - waiting on netgroup
 - Resolves: rhbz#683585 - sssd consumes 100% CPU
 - Related: rhbz#680441 - sssd does not handle kerberos server IP change

 [1.5.1-15]
 - Related: rhbz#680441 - sssd does not handle kerberos server IP change
 - SSSD was staying with the old server if it was still online

 [1.5.1-14]
 - Resolves: rhbz#682853 - IPA provider should use realm instead of ipa_domain
 - for base DN

 [1.5.1-13]
 - Resolves: rhbz#682803 - sssd-be segmentation fault - ipa-client on
 - ipa-server
 - Resolves: rhbz#680441 - sssd does not handle kerberos server IP change
 - Resolves: rhbz#680443 - Dynamic DNS update fails if multiple servers are
 - given in ipa_server config option
 - Resolves: rhbz#680933 - Do not delete sysdb memberOf if there is no memberOf
 - attribute on the server
 - Resolves: rhbz#682808 - sssd_nss core dumps with certain lookups

 [1.5.1-12]
 - Related: rhbz#679087 - SSSD IPA provider should honor the krb5_realm option
 - Related: rhbz#678615 - SSSD needs to look at IPA's compat tree for netgroups

 [1.5.1-11]
 - Resolves: rhbz#679087 - SSSD IPA provider should honor the krb5_realm option
 - Resolves: rhbz#679097 - Does not read renewable ccache at startup

 [1.5.1-10]
 - Resolves: rhbz#678606 - User information not updated on login for secondary
 - domains
 - Resolves: rhbz#678778 - IPA provider does not update removed group
 - memberships on initgroups

 [1.5.1-9]
 - Resolves: rhbz#678780 - sssd crashes at the next tgt renewals it tries
 - Resolves: rhbz#678412 - name service caches names, so id command shows
 - recently deleted users
 - Resolves: rhbz#678615 - SSSD needs to look at IPA's compat tree for
 - netgroups

 [1.5.1-8]
 - Related: rhbz#665314 - Rebase SSSD to 1.5 in RHEL 5.7
 - Fix generation of translated manpages

 [1.5.1-7]
 - Resolves: rhbz#665314 - Rebase SSSD to 1.5 in RHEL 5.7
 - Resolves: rhbz#676027 - sssd segfault when first entry of ldap_uri is
 - unreachable
 - Resolves: rhbz#678032 - Remove HBAC time rules from SSSD
 - Resolves: rhbz#675007 - sssd corrupts group cache
 - Resolves: rhbz#608864 - [RFE] Support obfuscated passwords in the SSSD
 - configuration

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected sssd, sssd-client and / or sssd-tools packages.

See Also

https://linux.oracle.com/errata/ELSA-2011-0975.html

Plugin Details

Severity: Medium

ID: 181078

File Name: oraclelinux_ELSA-2011-0975.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/7/2023

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2010-4341

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:sssd-client, cpe:/o:oracle:linux:5, p-cpe:/a:oracle:linux:sssd, p-cpe:/a:oracle:linux:sssd-tools

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 7/31/2011

Vulnerability Publication Date: 1/24/2011

Reference Information

CVE: CVE-2010-4341