Описание
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
Отчет
This flaw is triggered by a race condition which makes it difficult to exploit. Also, it depends on non default GPO configuration on the server side. This two aspects lowers the severity of the issue to Moderate.
Меры по смягчению последствий
A mitigation can be applied to the sssd.conf file that would make the occurrence of the race condition more difficult:
- Increase the GPO cache time out editing the following configuration directive in sssd.conf file: a) ad_gpo_cache_timeout = 3600 Ps.: This value (3600) should make the cache time out in one hour but would make GPO updates propagation from AD server to local machines take longer. [1] https://access.redhat.com/documentation/pt-br/red_hat_enterprise_linux/7/html/windows_integration_guide/sssd-gpo
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | sssd | Out of support scope | ||
| Red Hat Enterprise Linux 7 | sssd | Out of support scope | ||
| Red Hat Enterprise Linux 8 | sssd | Fixed | RHSA-2024:3270 | 22.05.2024 |
| Red Hat Enterprise Linux 8 | sssd | Fixed | RHSA-2024:3270 | 22.05.2024 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | sssd | Fixed | RHSA-2024:1921 | 18.04.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | sssd | Fixed | RHSA-2024:1922 | 18.04.2024 |
| Red Hat Enterprise Linux 9 | sssd | Fixed | RHSA-2024:2571 | 30.04.2024 |
| Red Hat Enterprise Linux 9 | sssd | Fixed | RHSA-2024:2571 | 30.04.2024 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | sssd | Fixed | RHSA-2024:1919 | 18.04.2024 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | sssd | Fixed | RHSA-2024:1920 | 18.04.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.1 High
CVSS3
Связанные уязвимости
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
A race condition flaw was found in sssd where the GPO policy is not co ...
EPSS
7.1 High
CVSS3