Description
A flaw was found in the sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to overly strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| sssd | fixed | 2.2.0-1 | | package |
| sssd | no-dsa | | stretch | package |
| sssd | not-affected | | jessie | package |
Notes
https://bugzilla.redhat.com/show_bug.cgi?id=1640820
GPO based access control introduced in https://github.com/SSSD/sssd/commit/60cab26b12
seems to presuppose configuration mistake: if sssd is not given enough permissions
to read GPO, access is systematically granted instead of denied
https://pagure.io/SSSD/sssd/issue/3867
https://pagure.io/SSSD/sssd/c/ad058011b6b75b15c674be46a3ae9b3cc5228175 (sssd-1-16)