From my attempt yesterday to seed sssd, there are some components
mismatched:
o samba4: libdcerpc-dev libdcerpc-server-dev libdcerpc-server0 libdcerpc0
libgensec-dev libgensec0 libndr-dev libndr-standard-dev libndr-standard0
libndr0 libparse-pidl-perl libregistry-dev libregistry0
libsamba-credentials-dev libsamba-credentials0 libsamba-hostconfig-dev
libsamba-hostconfig0 libsamba-policy-dev libsamba-policy0 libsamba-util-dev
libsamba-util0 libsamdb-dev libsamdb0 libsmbclient-raw-dev libsmbclient-raw0
libtorture-dev samba-dsdb-modules samba4-dev
[Reverse-Depends: Rescued from samba4, libdcerpc-server-dev, libdcerpc0,
libgensec0, libndr-standard0, libndr0, libregistry-dev, libsamba-credentials0,
libsamba-policy-dev, libsamba-policy0, libsmbclient-raw-dev, samba4-dev,
sssd-ad]
[Reverse-Recommends: libsamdb0]
[Reverse-Build-Depends: sssd]
--
https://bugs.launchpad.net/bugs/903752
Title:
[MIR] sssd
Status in “libsemanage” package in Ubuntu:
Fix Released
Status in “samba” package in Ubuntu:
Fix Released
Status in “sssd” package in Ubuntu:
Fix Committed
Status in “tevent” package in Ubuntu:
Fix Released
Bug description:
sssd & ding-libs (which got split off sssd at some point):
1. Availability:
- in universe for some time
2. Rationale:
- https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-sssd-mir
3. Security:
- no current CVE
- five CVE reports in the past:

  CVE-2011-1758 The krb5_save_ccname_done function in
  providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x
  before 1.5.7, when automatic ticket renewal and offline authentication are
  configured, uses a pathname string as a password, which allows local users to
  bypass Kerberos authentication by listing the /tmp directory to obtain the
  pathname.

  CVE-2010-4341 The pam_parse_in_data_v2 function in
  src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and
  1.3 allows local users to cause a denial of service (infinite loop, crash, and
  login prevention) via a crafted packet.

  CVE-2010-2940 The auth_send function in providers/ldap/ldap_auth.c in
  System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and
  anonymous bind are enabled, allows remote attackers to bypass the
  authentication requirements of pam_authenticate via an empty password.

  CVE-2010-0014 System Security Services Daemon (SSSD) before 1.0.1,
  when the krb5 auth_provider is configured but the KDC is unreachable, allows
  physically proximate attackers to authenticate, via an arbitrary password, to
  the screen-locking program on a workstation that has any user's Kerberos
  ticket-granting ticket (TGT); and might allow remote attackers to bypass
  intended access restrictions via vectors involving an arbitrary password in
  conjunction with a valid TGT.

  CVE-2009-2410 The local_handler_callback function in
  server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle
  blank-password accounts in the SSSD BE database, which allows context-dependent
  attackers to obtain access by sending the account's username, in conjunction
  with an arbitrary password, over an ssh connection.

  all got fixed by upstream in a timely manner.
- ships a daemon that handles connections to LDAP, Kerberos servers
- doesn't open privileged ports
- binaries in /usr/sbin include sssd, sss_group{add,del,mod},
sss_user{add,del,mod}
4. Quality assurance:
- current version doesn't install any working configuration; the plan is
to add support for debconf, though
<check>
5. UI standards:
- not applicable
6. Dependencies:
- ding-libs (libcollection-dev, libini-config-dev, libdhash-dev)
- tevent (libtevent-dev)
- ldb (libldb-dev)
- libsemanage (libsemanage1-dev)
- samba4 (libndr-dev, libndr-standard-dev, libsamba-util-dev, libdcerpc-dev,
samba4-dev)
- libpwquality (libpam-sss now depends on libpam-pwquality)
7. Standards compliance:
- shipped by Debian
- lintian clean
- uses dh, source format 3.0 (quilt)
8. Maintenance:
- currently maintained by a team of volunteers on Debian and Ubuntu
- shared git repository on git.debian.org
9. Background information:
<check>