[Freeipa-interest] A security bug in SSSD 1.10 and later (CVE-2015-5292)

Jakub Hrozek jhrozek at redhat.com
Thu Oct 15 19:21:06 UTC 2015


=============== A security bug in SSSD 1.10 and later ==============
=
= Subject:          A memory leak was found in SSSD's PAC processing plugin
=
= CVE ID#:          CVE-2015-5292
=
= Summary:          When SSSD's PAC responder is configured and a user login
=                   triggers parsing of the PAC blob (typically a GSSAPI
=                   password-less login), a small amount of memory is leaked
=                   in the context of the Kerberized application. This can
=                   eventually lead to memory exhaustion.
=
= Impact:           Low
=
= Acknowledgements: This bug was found by Thomas Oulevey from CERN
=
= Affects default
=  configuration:   Only for the IPA provider
=
= Introduced with:  1.10.0 beta2
=
===============================================================

==== DESCRIPTION ====
When SSSD's PAC responder is configured and a user login triggers parsing of
the PAC blob (typically a GSSAPI password-less login), a small amount of
memory is leaked in the context of the Kerberized application. This can
eventually lead to memory exhaustion.

The affected configuration would include "pac" in the list of services in
the "[sssd]" section of the /etc/sssd/sssd.conf config file. Please
note that SSSD automatically starts the PAC responder in case the provider
type is set to IPA.

Also note that the most widely deployed application with this configuration
is OpenSSH, where the bug is not noticeable because the leak happens in
a short-lived child process, not the long-running daemon.

The fix was delivered as part of the 1.13.1 release. However, the security
implications of the bug were only determined later.

The bug is being tracked in the following Red Hat Bugzilla report:
    https://bugzilla.redhat.com/show_bug.cgi?id=1267580

==== PATCH AVAILABILITY ====
The patch is available at:
    https://git.fedorahosted.org/cgit/sssd.git/commit/?id=b4c44ebb8997d3debb33607c123ccfd9926e0cba
