From $URL :
Multiple vulnerabilities have been reported in SSSD, which can be exploited by malicious people to
cause a DoS (Denial of Service).
The vulnerabilities are caused due to out-of-bounds read errors within the
"sss_autofs_cmd_getautomntent()" and "sss_autofs_cmd_getautomntbyname()" functions in
src/responder/autofs/autofssrv_cmd.c and the "ssh_cmd_parse_request()" function in
src/responder/ssh/sshsrv_cmd.c, which can be exploited to cause a crash by sending specially
crafted packages to SSSD.
NOTE: Additionally, a race condition weakness exists when handling directory trees, which can lead
to modification of the directory tree.
The vulnerabilities are reported in version 1.9.3. Other versions may also be affected.
Fixed in the repository.
Further details available to Secunia VIM customers
Provided and/or discovered by
Florian Weimer, Red Hat Product Security Team
upstream released new 1.9.4 version:
A security bug assigned CVE-2013-0219 was fixed - TOCTOU race conditions when creating or removing home directories for users in local domain
A security bug assigned CVE-2013-0220 was fixed - out-of-bounds reads in autofs and ssh responder
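The out-of-bounds reads behind CVE-2013-0220 are the classic request-parser defect: a field offset taken from the packet is used without checking it against the body length. As an added example that is not SSSD's own code, here is a bounds-checked parser over an assumed request layout (the layout, struct and function names are constructed for illustration):

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed illustration of a bounds-checked responder request parser.
 * Assumed body layout (not SSSD's real wire format):
 *   u32 name_len (little-endian) | name_len bytes of map name | u32 cursor */
struct automnt_req {
    const char *name;     /* points into the caller's buffer, not NUL-terminated */
    uint32_t    name_len;
    uint32_t    cursor;
};
static uint32_t read_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
/* Returns 0 on success, -1 if the body is shorter than the fields it claims.
 * Each read is preceded by a check that the bytes lie inside body[0..body_len);
 * trusting the embedded length instead is what yields an out-of-bounds read. */
int parse_automnt_request(const uint8_t *body, size_t body_len, struct automnt_req *out)
{
    if (body == NULL || out == NULL || body_len < sizeof(uint32_t))
        return -1;
    uint32_t name_len = read_u32le(body);
    /* Subtract instead of adding so a huge name_len cannot wrap the sum. */
    size_t remaining = body_len - sizeof(uint32_t);
    if (name_len > remaining || remaining - name_len < sizeof(uint32_t))
        return -1;
    out->name     = (const char *)body + sizeof(uint32_t);
    out->name_len = name_len;
    out->cursor   = read_u32le(body + sizeof(uint32_t) + name_len);
    return 0;
}
/* Self-check over constructed requests; returns how many of the 3 scenarios behaved
 * as required: a well-formed request parses, a truncated one and one with a lying
 * length are both rejected before any byte past the buffer is touched. */
int self_check(void)
{
    uint8_t good[] = { 9,0,0,0, 'a','u','t','o','.','h','o','m','e', 7,0,0,0 };
    uint8_t lie[]  = { 0xff,0xff,0xff,0xff, 0,0,0,0 };
    struct automnt_req r;
    int ok = 0;
    if (parse_automnt_request(good, sizeof good, &r) == 0 && r.name_len == 9 &&
        r.cursor == 7 && memcmp(r.name, "auto.home", 9) == 0)
        ok++;
    if (parse_automnt_request(good, sizeof good - 4, &r) == -1) ok++;
    if (parse_automnt_request(lie, sizeof lie, &r) == -1) ok++;
    return ok;
}
```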
Proxy, please bump from 1.9.2 to 1.9.4 and remove all other 1.9.x ebuilds.
Bumped, vulnerable versions cleaned.
Arches, please test and mark stable:
Target keywords : "amd64 x86"
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2)
copying, or (3) removing a user home directory tree, allows local users to
create, modify, or delete arbitrary files via a symlink attack on another
GLSA vote: no.
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname
function in responder/autofs/autofssrv_cmd.c and the (3)
ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System
Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause
a denial of service (out-of-bounds read, crash, and restart) via a crafted
GLSA vote: no, closing noglsa.