Download
| Alert*
oval:org.secpod.oval:def:1600819
Unsanitized input when searching in local cache databaseIt was found that sssd#039;s sysdb_search_user_by_upn_res function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given us ... oval:org.secpod.oval:def:89044967 This update for sssd provides the following fixes: Security issues fixed: - CVE-2017-12173: Fixed unsanitized input when searching in local cache database . Non security issues fixed: - Fixed a segfault issue in ldap_rfc_2307_fallback_to_local_users. - Install /var/lib/sss/mc directory to correct s ... oval:org.secpod.oval:def:204714 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ... oval:org.secpod.oval:def:204841 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ... oval:org.secpod.oval:def:204848 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ... oval:org.secpod.oval:def:113336 Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a plug-gable back-end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy service ... oval:org.secpod.oval:def:113552 Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a plug-gable back-end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy service ... oval:org.secpod.oval:def:502314 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ... oval:org.secpod.oval:def:2001411 It was found that sssd"s sysdb_search_user_by_upn_res function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this f ... oval:org.secpod.oval:def:704212 sssd: System Security Services Daemon -- metapackage SSSD could be made to expose sensitive information. oval:org.secpod.oval:def:52088 sssd: System Security Services Daemon -- metapackage SSSD could be made to expose sensitive information. oval:org.secpod.oval:def:1502254 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502204 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ... oval:org.secpod.oval:def:1502079 The advisory is missing the security advisory description. For more information please visit the reference link |