Security Advisory Low: sssd security and bug fix update

Advisory: RHSA-2013:1319-1
Type: Security Advisory
Severity: Low
Issued on: 2013-09-30
Last updated on: 2013-09-30
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2013-0219

Details

Updated sssd packages that fix one security issue and several bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

SSSD (System Security Services Daemon) provides a set of daemons to manage
access to remote directories and authentication mechanisms. It provides NSS
(Name Service Switch) and PAM (Pluggable Authentication Modules) interfaces
toward the system and a pluggable back end system to connect to multiple
different account sources.

A race condition was found in the way SSSD copied and removed user home
directories. A local attacker who is able to write into the home directory
of a different user who is being removed could use this flaw to perform
symbolic link attacks, possibly allowing them to modify and delete
arbitrary files with the privileges of the root user. (CVE-2013-0219)

The CVE-2013-0219 issue was discovered by Florian Weimer of the Red Hat
Product Security Team.
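
The race described above exists because a root-run cleanup walks a user-writable tree by path name, so a component can be replaced with a symbolic link between the check and the operation. As an added example (a general hardening pattern, not SSSD's patch and not code from this advisory), the C code below removes a tree through directory file descriptors, so a planted link is unlinked or rejected rather than followed; `remove_tree_at`, `demo` and all file names are hypothetical, and the test tree is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove directory `name` (resolved relative to parent_fd) and all of its
 * contents without ever following a symbolic link. 0 on success, -1 on error. */
int remove_tree_at(int parent_fd, const char *name)
{
    /* O_NOFOLLOW makes the open fail if `name` has been swapped for a symlink. */
    int fd = openat(parent_fd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    DIR *d = fdopendir(fd);                 /* d owns fd from here on */
    if (!d) { close(fd); return -1; }
    int rc = 0;
    struct dirent *e;
    while (rc == 0 && (e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        struct stat st;
        if (fstatat(fd, e->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) rc = -1;
        else if (S_ISDIR(st.st_mode)) rc = remove_tree_at(fd, e->d_name);
        else rc = unlinkat(fd, e->d_name, 0);   /* removes a link, never its target */
    }
    closedir(d);
    /* Any entry that changed type under us leaves rc == -1: stop, do not retry by path. */
    return rc == 0 ? unlinkat(parent_fd, name, AT_REMOVEDIR) : -1;
}

/* Constructed scenario: "home" holds a planted symlink to a sibling "victim". */
int demo(void)
{
    char base[] = "/tmp/rmtree-demo-XXXXXX";
    if (!mkdtemp(base) || chdir(base) < 0) return -1;
    if (mkdir("victim", 0700) || mkdir("home", 0700) || mkdir("home/sub", 0700)) return -1;
    close(open("victim/keep", O_CREAT | O_WRONLY, 0600));
    close(open("home/sub/file", O_CREAT | O_WRONLY, 0600));
    if (symlink("../victim", "home/link") || symlink("victim", "alias")) return -1;
    int rc_tree = remove_tree_at(AT_FDCWD, "home");    /* expected: 0 */
    int rc_link = remove_tree_at(AT_FDCWD, "alias");   /* expected: -1, top level is a link */
    int kept = access("victim/keep", F_OK) == 0;
    int gone = access("home", F_OK) != 0;
    return (rc_tree == 0 && rc_link == -1 && kept && gone) ? 0 : -1;
}

int main(void) { return demo() == 0 ? 0 : 1; }
```

The same descriptor-relative approach applies to copying a tree: open each source and destination directory once, then create and read entries relative to those descriptors instead of rebuilding path strings.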

This update also fixes the following bugs:

* After a paging control was used, memory in the sssd_be process was never
freed which led to the growth of the sssd_be process memory usage over
time. To fix this bug, the paging control was deallocated after use, and
thus the memory usage of the sssd_be process no longer grows. (BZ#820908)

* If the sssd_be process was terminated and recreated while there were
authentication requests pending, the sssd_pam process did not recover
correctly and did not reconnect to the new sssd_be process. Consequently,
the sssd_pam process was seemingly blocked and did not accept any new
authentication requests. The sssd_pam process has been fixed so that it
reconnects to the new instance of the sssd_be process after the original
one terminated unexpectedly. Even after a crash and reconnect, the sssd_pam
process now accepts new authentication requests. (BZ#882414)

* When the sssd_be process hung for a while, it was terminated and a new
instance was created. If the old instance did not respond to the TERM
signal and continued running, SSSD terminated unexpectedly. As a
consequence, the user could not log in. SSSD now keeps track of sssd_be
subprocesses more effectively, making the restarts of sssd_be more reliable
in such scenarios. Users can now log in whenever the sssd_be is restarted
and becomes unresponsive. (BZ#886165)

* In case the processing of an LDAP request took longer than the client
timeout upon completing the request (60 seconds by default), the PAM client
could have accessed memory that was previously freed due to the client
timeout being reached. As a result, the sssd_pam process terminated
unexpectedly with a segmentation fault. SSSD now ignores an LDAP request
result when it detects that the set timeout of this request has been
reached. The sssd_pam process no longer crashes in the aforementioned
scenario. (BZ#923813)

* When there was a heavy load of users and groups to be saved in cache,
SSSD experienced a timeout. Consequently, NSS did not start the backup
process properly and it was impossible to log in. A patch has been provided
to fix this bug. The SSSD daemon now remains responsive and the login
continues as expected. (BZ#805729)

* SSSD kept the file descriptors to the log files open. Consequently, on
occasions like moving the actual log file and restarting the back end, SSSD
still kept the file descriptors open. SSSD now closes the file descriptor
after the child process execution; after a successful back end start, the
file descriptor to log files is closed. (BZ#961680)

* While performing access control in the Identity Management back end, SSSD
erroneously downloaded the "member" attribute from the server and then
attempted to use it in the cache verbatim. Consequently, the cache
attempted to use the "member" attribute values as if they were pointing to
the local cache which was CPU intensive. The member attribute when
processing host groups is no longer downloaded and processed. Moreover, the
login process is reasonably fast even with large host groups. (BZ#979047)

All sssd users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
sssd-1.5.1-70.el5.src.rpm

IA-32:
libipa_hbac-1.5.1-70.el5.i386.rpm
libipa_hbac-devel-1.5.1-70.el5.i386.rpm
libipa_hbac-python-1.5.1-70.el5.i386.rpm
sssd-1.5.1-70.el5.i386.rpm
sssd-client-1.5.1-70.el5.i386.rpm
sssd-debuginfo-1.5.1-70.el5.i386.rpm
sssd-tools-1.5.1-70.el5.i386.rpm

IA-64:
libipa_hbac-1.5.1-70.el5.ia64.rpm
libipa_hbac-devel-1.5.1-70.el5.ia64.rpm
libipa_hbac-python-1.5.1-70.el5.ia64.rpm
sssd-1.5.1-70.el5.ia64.rpm
sssd-client-1.5.1-70.el5.i386.rpm
sssd-client-1.5.1-70.el5.ia64.rpm
sssd-debuginfo-1.5.1-70.el5.i386.rpm
sssd-debuginfo-1.5.1-70.el5.ia64.rpm
sssd-tools-1.5.1-70.el5.ia64.rpm

PPC:
libipa_hbac-1.5.1-70.el5.ppc.rpm
libipa_hbac-1.5.1-70.el5.ppc64.rpm
libipa_hbac-devel-1.5.1-70.el5.ppc.rpm
libipa_hbac-devel-1.5.1-70.el5.ppc64.rpm
libipa_hbac-python-1.5.1-70.el5.ppc.rpm
sssd-1.5.1-70.el5.ppc.rpm
sssd-client-1.5.1-70.el5.ppc.rpm
sssd-client-1.5.1-70.el5.ppc64.rpm
sssd-debuginfo-1.5.1-70.el5.ppc.rpm
sssd-debuginfo-1.5.1-70.el5.ppc64.rpm
sssd-tools-1.5.1-70.el5.ppc.rpm

s390x:
libipa_hbac-1.5.1-70.el5.s390.rpm
libipa_hbac-1.5.1-70.el5.s390x.rpm
libipa_hbac-devel-1.5.1-70.el5.s390.rpm
libipa_hbac-devel-1.5.1-70.el5.s390x.rpm
libipa_hbac-python-1.5.1-70.el5.s390x.rpm
sssd-1.5.1-70.el5.s390x.rpm
sssd-client-1.5.1-70.el5.s390.rpm
sssd-client-1.5.1-70.el5.s390x.rpm
sssd-debuginfo-1.5.1-70.el5.s390.rpm
sssd-debuginfo-1.5.1-70.el5.s390x.rpm
sssd-tools-1.5.1-70.el5.s390x.rpm

x86_64:
libipa_hbac-1.5.1-70.el5.i386.rpm
libipa_hbac-1.5.1-70.el5.x86_64.rpm
libipa_hbac-devel-1.5.1-70.el5.i386.rpm
libipa_hbac-devel-1.5.1-70.el5.x86_64.rpm
libipa_hbac-python-1.5.1-70.el5.x86_64.rpm
sssd-1.5.1-70.el5.x86_64.rpm
sssd-client-1.5.1-70.el5.i386.rpm
sssd-client-1.5.1-70.el5.x86_64.rpm
sssd-debuginfo-1.5.1-70.el5.i386.rpm
sssd-debuginfo-1.5.1-70.el5.x86_64.rpm
sssd-tools-1.5.1-70.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
sssd-1.5.1-70.el5.src.rpm

IA-32:
libipa_hbac-1.5.1-70.el5.i386.rpm
libipa_hbac-devel-1.5.1-70.el5.i386.rpm
libipa_hbac-python-1.5.1-70.el5.i386.rpm
sssd-1.5.1-70.el5.i386.rpm
sssd-client-1.5.1-70.el5.i386.rpm
sssd-debuginfo-1.5.1-70.el5.i386.rpm
sssd-tools-1.5.1-70.el5.i386.rpm

x86_64:
libipa_hbac-1.5.1-70.el5.i386.rpm
libipa_hbac-1.5.1-70.el5.x86_64.rpm
libipa_hbac-devel-1.5.1-70.el5.i386.rpm
libipa_hbac-devel-1.5.1-70.el5.x86_64.rpm
libipa_hbac-python-1.5.1-70.el5.x86_64.rpm
sssd-1.5.1-70.el5.x86_64.rpm
sssd-client-1.5.1-70.el5.i386.rpm
sssd-client-1.5.1-70.el5.x86_64.rpm
sssd-debuginfo-1.5.1-70.el5.i386.rpm
sssd-debuginfo-1.5.1-70.el5.x86_64.rpm
sssd-tools-1.5.1-70.el5.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

884254 - CVE-2013-0219 sssd: TOCTOU race conditions by copying and removing directory trees
961680 - sssd components seem to mishandle sighup
974036 - sssd core process keeps running after backends quit
979047 - sssd_be goes to 99% CPU and causes significant login delays when client is under load


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/