Bug 2223762 (CVE-2023-3758)

Summary: CVE-2023-3758 sssd: Race condition during authorization leads to GPO policies functioning inconsistently
Product: [Other] Security Response
Reporter: Pedro Sampaio <psampaio>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: aboscatt, atikhono, jwest, michal.skrivanek, mperina, pbrezina, sbose, security-response-team
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2223765, 2223766, 2223767, 2241398, 2275905
Bug Blocks: 2223763

Description Pedro Sampaio 2023-07-18 19:35:24 UTC
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting access to resources inappropriately. 

References:

https://bugzilla.redhat.com/show_bug.cgi?id=2222429

Comment 19 Anten Skrabec 2024-04-18 10:35:54 UTC
Created sssd tracking bugs for this issue:

Affects: fedora-all [bug 2275905]

Comment 20 errata-xmlrpc 2024-04-18 13:55:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1919 https://access.redhat.com/errata/RHSA-2024:1919

Comment 21 errata-xmlrpc 2024-04-18 14:00:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:1921 https://access.redhat.com/errata/RHSA-2024:1921

Comment 22 errata-xmlrpc 2024-04-18 14:07:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:1920 https://access.redhat.com/errata/RHSA-2024:1920

Comment 23 errata-xmlrpc 2024-04-18 14:23:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:1922 https://access.redhat.com/errata/RHSA-2024:1922