Summary
The remote host is missing an update to sssd announced via advisory FEDORA-2009-8101.
Solution
Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update sssd' at the command line.
For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8101
Insight
Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA.
Update Information:
If a user was added to the SSSD BE database without setting a password, the user could ssh to the SSSD-configured client and enter any password to gain access.
This update resolves this issue so users with no password set are no longer able to log in.
ChangeLog:
* Wed Jul 29 2009 Jakub Hrozek - 0.4.1-3
- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-2410
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P