
Bug 699864 (CVE-2018-16838)

Summary: <sys-auth/sssd-2.2.0-r1: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: alexxy, base-system, phmagic, zlogene
Priority: Normal
Flags: nattka: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=743142
Whiteboard: B4 [noglsa cve]
Package list:
=sys-auth/sssd-2.2.0-r1
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 709632    

Description GLSAMaker/CVETool Bot gentoo-dev 2019-11-11 18:17:39 UTC
CVE-2018-16838 (https://nvd.nist.gov/vuln/detail/CVE-2018-16838):
  A flaw was found in sssd Group Policy Objects implementation. When the GPO
  is not readable by SSSD due to too strict permission settings on the
  server side, SSSD will allow all authenticated users to login instead of
  denying access.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-02 22:04:16 UTC
@maintainer(s): ping, ready for stabilisation?
Comment 2 Adam Purkrt 2020-05-19 11:45:07 UTC
Hi, just wanted to add that we've been running sssd-2.2.3 for three months now (necessitated by bug #709632), without any issues.

Perhaps good enough to stabilize?
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-05 23:43:21 UTC
@maintainer(s): going ahead, but let us know if there's a problem.

(In reply to Adam Purkrt from comment #2)
> Hi, just wanted to add that we've been running sssd-2.2.3 for three months
> now (necessitated by bug #709632), without any issues.

Thank you!
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-10-10 11:33:13 UTC
bug 728894 is not a regression
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-10-10 11:36:28 UTC
amd64/x86 stable
Comment 6 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-10-10 11:42:10 UTC
GLSA vote: no.