Synopsis: Low: sssd security, bug fix and enhancement update
Issue Date: 2013-02-21
CVE Numbers: CVE-2013-0219, CVE-2013-0220
—
A race condition was found in the way SSSD copied and removed user home
directories. A local attacker who is able to write into the home directory of a
different user who is being removed could use this flaw to perform symbolic
link attacks, possibly allowing them to modify and delete arbitrary files with
the privileges of the root user. (CVE-2013-0219)

Multiple out-of-bounds memory read flaws were found in the way the autofs and
SSH service responders parsed certain SSSD packets. An attacker could send a
specially-crafted packet that, when processed by the autofs or SSH service
responders, would cause SSSD to crash. This issue only caused a temporary
denial of service, as SSSD was automatically restarted by the monitor process
after the crash. (CVE-2013-0220)
—
SL6
x86_64
libipa_hbac-1.9.2-82.el6.i686.rpm
libipa_hbac-1.9.2-82.el6.x86_64.rpm
libipa_hbac-python-1.9.2-82.el6.x86_64.rpm
libsss_autofs-1.9.2-82.el6.x86_64.rpm
libsss_idmap-1.9.2-82.el6.x86_64.rpm
libsss_sudo-1.9.2-82.el6.x86_64.rpm
sssd-1.9.2-82.el6.x86_64.rpm
sssd-client-1.9.2-82.el6.i686.rpm
sssd-client-1.9.2-82.el6.x86_64.rpm
sssd-debuginfo-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.x86_64.rpm
libipa_hbac-devel-1.9.2-82.el6.i686.rpm
libipa_hbac-devel-1.9.2-82.el6.x86_64.rpm
libsss_idmap-1.9.2-82.el6.i686.rpm
libsss_idmap-devel-1.9.2-82.el6.i686.rpm
libsss_idmap-devel-1.9.2-82.el6.x86_64.rpm
libsss_sudo-devel-1.9.2-82.el6.i686.rpm
libsss_sudo-devel-1.9.2-82.el6.x86_64.rpm
sssd-tools-1.9.2-82.el6.x86_64.rpm
i386
libipa_hbac-1.9.2-82.el6.i686.rpm
libipa_hbac-python-1.9.2-82.el6.i686.rpm
libsss_autofs-1.9.2-82.el6.i686.rpm
libsss_idmap-1.9.2-82.el6.i686.rpm
libsss_sudo-1.9.2-82.el6.i686.rpm
sssd-1.9.2-82.el6.i686.rpm
sssd-client-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.i686.rpm
libipa_hbac-devel-1.9.2-82.el6.i686.rpm
libsss_idmap-devel-1.9.2-82.el6.i686.rpm
libsss_sudo-devel-1.9.2-82.el6.i686.rpm
sssd-tools-1.9.2-82.el6.i686.rpm
– Scientific Linux Development Team