Summary: | CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent logins | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | Severity: | low |
Priority: | low | Version: | unspecified |
Keywords: | Security | CC: | jgalipea, jlieskov, kbanerje, prc, sbose, security-response-team, sgallagh, ssorce |
Hardware: | All | OS: | Linux |
Fixed In Version: | sssd 1.5.1 | Doc Type: | Bug Fix |
Last Closed: | 2011-07-21 14:15:05 UTC | Bug Depends On: | 668888, 688248, 688250 |

Description
Vincent Danen
2010-12-07 23:37:44 UTC

Created attachment 469438
Patch for RHEL5 and RHEL6
This patch applies to the SSSD 1.2.x branch and will resolve the issue on RHEL 5 and RHEL 6.

Created attachment 469439
Patch for Fedora 13
This patch applies to the SSSD 1.3 branch and will resolve the issue on Fedora 13.

Created attachment 469440
Patch for Fedora 14
This patch applies to the SSSD 1.4.x branch and will resolve the issue on Fedora 14.

Thanks for the patches. I'm going to pass these on to other vendors and coordinate an unembargo date.

Created sssd tracking bugs for this issue

Affects: fedora-all [bug 668888]

Statement: (none)

Verified with Sumit's reproducer script.

The script hangs on running on RHEL 6.0 32-bit (sssd-1.2.1-28) and sssd_pam consumes 100% cpu.

The script works fine on running on RHEL 6.1 32 bit (sssd-1.5.1-25).

Verified on version:

    # rpm -qi sssd | head
    Name        : sssd                         Relocations: (not relocatable)
    Version     : 1.5.1                             Vendor: Red Hat, Inc.
    Release     : 25.el6                        Build Date: Fri 08 Apr 2011 10:53:37 PM IST
    Install Date: Tue 12 Apr 2011 11:01:14 AM IST      Build Host: x86-002.build.bos.redhat.com
    Group       : Applications/System           Source RPM: sssd-1.5.1-25.el6.src.rpm
    Size        : 3582701                          License: GPLv3+
    Signature   : (none)
    Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
    URL         : http://fedorahosted.org/sssd/
    Summary     : System Security Services Daemon

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0560 https://rhn.redhat.com/errata/RHSA-2011-0560.html

This was corrected in upstream sssd version 1.5.1:
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.1

Why was this BZ reopened?

It was never closed, and it is still unresolved in Red Hat Enterprise Linux 5. SRT bugs shouldn't be in VERIFIED state, so I just flipped the state back to NEW where it is supposed to be.

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:0975 https://rhn.redhat.com/errata/RHSA-2011-0975.html