
From: Jakub Hrozek <jhrozek <at> redhat.com>
Subject: A security bug in SSSD 1.10 and later (CVE-2015-5292)
Newsgroups: gmane.linux.redhat.sssd.user
Date: Thursday 15th October 2015 19:21:06 UTC
=============== A security bug in SSSD 1.10 and later ==============
=
= Subject:          A memory leak was found in SSSD's PAC processing plugin
=
= CVE ID#:          CVE-2015-5292
=
= Summary:          When SSSD's PAC responder is configured and a user login
=                   triggers parsing of the PAC blob (typically a GSSAPI
=                   password-less login), a small amount of memory is leaked
=                   in the context of the Kerberized application. This can
=                   eventually lead to memory exhaustion.
=
= Impact:           Low
=
= Acknowledgements: This bug was found by Thomas Oulevey from CERN
=
= Affects default
=  configuration:   Only for the IPA provider
=
= Introduced with:  1.10.0 beta2
=
===============================================================

==== DESCRIPTION ====
When SSSD's PAC responder is configured and a user login triggers parsing
of the PAC blob (typically a GSSAPI password-less login), a small amount of
memory is leaked in the context of the Kerberized application. This can
eventually lead to memory exhaustion.

The affected configuration would include "pac" in the list of services in
the "[sssd]" section of the /etc/sssd/sssd.conf config file. Please
note that SSSD automatically starts the PAC responder in case the provider
type is set to IPA.

Also note that the most widely deployed application with this configuration
is OpenSSH, where the bug is not noticeable because the leak happens in
a short-lived child process, not the long-running daemon.

The fix was delivered as part of the 1.13.1 release. However, the security
implications of the bug were only determined later.

The bug is being tracked in the following Red Hat Bugzilla report:
    https://bugzilla.redhat.com/show_bug.cgi?id=1267580

==== PATCH AVAILABILITY ====
The patch is available at:
    https://git.fedorahosted.org/cgit/sssd.git/commit/?id=b4c44ebb8997d3debb33607c123ccfd9926e0cba
_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
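
A configuration check for the affected setup described in the advisory, added here as an example (not code from the advisory or from the SSSD project). It assumes the provider type is set through `id_provider` in the `[domain/NAME]` sections enabled by the `domains` option; the function names and sample configs are constructed for illustration.

```python
import configparser
import sys

# Constructed sample configs for illustration (not from a real host).
SAMPLE_IPA = """
[sssd]
services = nss, pam
domains = example.test

[domain/example.test]
id_provider = ipa
"""

SAMPLE_EXPLICIT_PAC = """
[sssd]
services = nss, pam, pac
domains = ad.example.test

[domain/ad.example.test]
id_provider = ad
"""


def _csv(value):
    """Split a comma-separated sssd.conf value into trimmed items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def pac_responder_reasons(conf_text):
    """Return why the PAC responder would run for this sssd.conf text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    reasons = []
    # Case 1: "pac" is listed explicitly in the [sssd] services option.
    services = _csv(cp.get("sssd", "services", fallback=""))
    if "pac" in (s.lower() for s in services):
        reasons.append("'pac' listed in [sssd] services")
    # Case 2: an enabled domain uses the IPA provider, which starts it implicitly.
    for domain in _csv(cp.get("sssd", "domains", fallback="")):
        section = "domain/" + domain
        if cp.get(section, "id_provider", fallback="").strip().lower() == "ipa":
            reasons.append("IPA provider in [%s]" % section)
    return reasons


if __name__ == "__main__":
    # Usage (hypothetical script name): python3 check_pac.py /etc/sssd/sssd.conf
    with open(sys.argv[1]) as fh:
        for reason in pac_responder_reasons(fh.read()):
            print("PAC responder active:", reason)
```

An empty result means neither condition named in the advisory is present in the file that was checked; the installed SSSD version still has to be compared against the 1.13.1 fix separately.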