Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1268783 - Memory leak / possible DoS with krb auth. [rhel 6.7.z]
Memory leak / possible DoS with krb auth. [rhel 6.7.z]
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
6.7
Unspecified Unspecified
urgent Severity urgent
: rc
: ---
Assigned To: SSSD Maintainers
Kaushik Banerjee
: ZStream
Depends On: 1266404
Blocks: CVE-2015-5292
  Show dependency treegraph
 
Reported: 2015-10-05 04:50 EDT by Jan Kurik
Modified: 2015-11-10 08:02 EST (History)
14 users (show)

See Also:
Fixed In Version: sssd-1.12.4-47.el6_7.4
Doc Type: Bug Fix
Doc Text:
Applications performing Kerberos authentication previously increased the memory footprint of the Kerberos plug-in that parses the Privilege Attribute Certificate (PAC) information. The plug-in has been updated to free the memory it allocates, thus fixing this bug.
Story Points: ---
Clone Of: 1266404
Environment:
Last Closed: 2015-11-10 08:02:09 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
FedoraHosted SSSD 2803 None None None Never
Red Hat Product Errata RHSA-2015:2019 normal SHIPPED_LIVE Low: sssd security and bug fix update 2015-11-10 13:00:44 EST

  None (edit)
Description Jan Kurik 2015-10-05 04:50:52 EDT 
This bug has been copied from bug #1266404 and has been proposed
to be backported to 6.7 z-stream (EUS).
Comment 4 Steeve Goveas 2015-10-16 15:57:08 EDT 
Verified in version
sssd-1.12.4-47.el6_7.4

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa_trust_func_ssh_0004: AD user, no password, lower domain
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: File /var/lib/sss/pubconf/krb5.include.d/localauth_plugin should exist 
:: [  BEGIN   ] :: Running 'cat /var/lib/sss/pubconf/krb5.include.d/localauth_plugin'
[plugins]
 localauth = {
  module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so
  enable_only = sssd
 }:: [   PASS   ] :: Command 'cat /var/lib/sss/pubconf/krb5.include.d/localauth_plugin' (Expected 0, got 0)
:: [   PASS   ] :: File /usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so should exist 
:: [   PASS   ] :: File '/var/lib/sss/pubconf/krb5.include.d/localauth_plugin' should contain '/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so' 
:: [   PASS   ] :: File '/etc/krb5.conf' should not contain 'auth_to_local' 
:: [  BEGIN   ] :: Running 'ssh_without_password 'au101482374@IPAAD2012R2.TEST' 'au101482374@ipaad2012r2.test' 'ipaqa64vmd.tssh2k12r2.test' 'Secret123''
:: [ 15:05:05 ] :: Running: ssh -K -l "au101482374@ipaad2012r2.test" ipaqa64vmd.tssh2k12r2.test "echo 'login successful'
:: [ 15:05:19 ] :: ssh login successful
:: [   PASS   ] :: Command 'ssh_without_password 'au101482374@IPAAD2012R2.TEST' 'au101482374@ipaad2012r2.test' 'ipaqa64vmd.tssh2k12r2.test' 'Secret123'' (Expected 0, got 0)
:: [ 15:05:20 ] :: Running remotehost-sync-set -s '20.' -m ipaqa64vmd.idmqe.lab.eng.bos.redhat.com
:: [  BEGIN   ] :: Running 'remotehost-sync-set -s '20.' -m ipaqa64vmd.idmqe.lab.eng.bos.redhat.com'
remotehost-sync-set -s 20. -m ipaqa64vmd.idmqe.lab.eng.bos.redhat.com
root      9012  8569  0 14:27 ?        00:00:00 python -m SimpleHTTPServer 8907
:: [   PASS   ] :: Command 'remotehost-sync-set -s '20.' -m ipaqa64vmd.idmqe.lab.eng.bos.redhat.com' (Expected 0, got 0)
'66480777-dd4a-4de0-a4e6-cd99d67c587f'
ipa-trust-func-ssh-0004-AD-user-no-password-lower-domain result: PASS
Comment 6 errata-xmlrpc 2015-11-10 08:02:09 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2019.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.