Bug 2223762 (CVE-2023-3758) - CVE-2023-3758 sssd: Race condition during authorization leads to GPO policies functioning inconsistently
Keywords:
Status: NEW
Alias: CVE-2023-3758
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2223765 2223766 2223767 2241398 2275905
Blocks: 2223763
Reported: 2023-07-18 19:35 UTC by Pedro Sampaio
Modified: 2024-05-22 11:41 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:1919 0 None None None 2024-04-18 13:55:54 UTC
Red Hat Product Errata RHSA-2024:1920 0 None None None 2024-04-18 14:07:45 UTC
Red Hat Product Errata RHSA-2024:1921 0 None None None 2024-04-18 14:00:57 UTC
Red Hat Product Errata RHSA-2024:1922 0 None None None 2024-04-18 14:23:55 UTC
Red Hat Product Errata RHSA-2024:3270 0 None None None 2024-05-22 11:41:33 UTC

Description Pedro Sampaio 2023-07-18 19:35:24 UTC
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting access to resources inappropriately. 

References:

https://bugzilla.redhat.com/show_bug.cgi?id=2222429

Comment 19 Anten Skrabec 2024-04-18 10:35:54 UTC
Created sssd tracking bugs for this issue:

Affects: fedora-all [bug 2275905]

Comment 20 errata-xmlrpc 2024-04-18 13:55:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1919 https://access.redhat.com/errata/RHSA-2024:1919

Comment 21 errata-xmlrpc 2024-04-18 14:00:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:1921 https://access.redhat.com/errata/RHSA-2024:1921

Comment 22 errata-xmlrpc 2024-04-18 14:07:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:1920 https://access.redhat.com/errata/RHSA-2024:1920

Comment 23 errata-xmlrpc 2024-04-18 14:23:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:1922 https://access.redhat.com/errata/RHSA-2024:1922

Comment 24 errata-xmlrpc 2024-05-22 11:41:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3270 https://access.redhat.com/errata/RHSA-2024:3270

