From $URL :

Description
Multiple vulnerabilities have been reported in SSSD, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerabilities are caused due to out-of-bounds read errors within the "sss_autofs_cmd_getautomntent()" and "sss_autofs_cmd_getautomntbyname()" functions in src/responder/autofs/autofssrv_cmd.c and the "ssh_cmd_parse_request()" function in src/responder/ssh/sshsrv_cmd.c, which can be exploited to cause a crash by sending specially crafted packets to SSSD.

NOTE: Additionally, a race condition weakness exists when handling directory trees, which can lead to modification of the directory tree.

The vulnerabilities are reported in version 1.9.3. Other versions may also be affected.

Solution
Fixed in the repository. Further details available to Secunia VIM customers.

Provided and/or discovered by
Florian Weimer, Red Hat Product Security Team

Original Advisory
https://fedorahosted.org/sssd/ticket/1781
https://fedorahosted.org/sssd/ticket/1782
Upstream released a new version, 1.9.4:
- A security bug assigned CVE-2013-0219 was fixed: TOCTOU race conditions when creating or removing home directories for users in the local domain.
- A security bug assigned CVE-2013-0220 was fixed: out-of-bounds reads in the autofs and ssh responders.
Proxy, please bump from 1.9.2 to 1.9.4 and remove all other 1.9.x ebuilds. Thanks.
Bumped, vulnerable versions cleaned.
Arches, please test and mark stable: =sys-auth/sssd-1.8.6 Target keywords : "amd64 x86"
amd64 stable
x86 stable
CVE-2013-0219 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0219): System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.
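The symlink race behind CVE-2013-0219 is a check-then-use on a path: a daemon running as root walks a home directory tree by name, and between the moment it looks at an entry and the moment it acts on it, the user who owns the tree can replace a subdirectory with a symlink to files they do not own. The usual fix is to stop using paths after the first open: hold a directory descriptor obtained with O_NOFOLLOW and do every later step with the *at() calls relative to it, so a planted symlink is unlinked as a link and never descended. The C program below is an added example of that pattern for the remove case, not SSSD's code; the function names, the scratch tree it builds under /tmp and the file names in it are all constructed for the demo.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove the tree rooted at entry `name` of the directory open as
 * `parent_fd`, never following symlinks. Every step works on a descriptor
 * obtained with O_NOFOLLOW, so there is no window between a check and a
 * path-based unlink/rmdir in which the user could swap a subdirectory for a
 * symlink to someone else's files. Returns 0 on success, -1 with errno set. */
int remove_tree_safe(int parent_fd, const char *name)
{
    int fd = openat(parent_fd, name,
                    O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) {
        if (errno == ENOTDIR || errno == ELOOP)
            /* regular file or symlink: remove the entry itself, not its target */
            return unlinkat(parent_fd, name, 0);
        return -1;
    }
    DIR *dir = fdopendir(fd);
    if (dir == NULL) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    int ret = 0;
    struct dirent *ent;
    while (ret == 0 && (ent = readdir(dir)) != NULL) {
        if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
            continue;
        ret = remove_tree_safe(fd, ent->d_name);   /* recurse on the fd, not a path */
    }
    closedir(dir);                                 /* closes fd as well */
    if (ret != 0)
        return -1;
    return unlinkat(parent_fd, name, AT_REMOVEDIR);
}

/* Create an empty file at `path` relative to `dirfd` (demo helper). */
static int touch(int dirfd, const char *path)
{
    int fd = openat(dirfd, path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    return 0;
}

/* Constructed scenario (not taken from the SSSD bug): a user plants a symlink
 * inside their home pointing at a directory they do not own. Layout under a
 * fresh mkdtemp directory:
 *   outside/victim           file that must survive
 *   home/sub/file.txt        ordinary content
 *   home/evil -> ../outside  the planted symlink
 * Returns 1 if `home` is fully removed while outside/victim survives. */
int demo_symlink_in_tree(void)
{
    char base[] = "/tmp/sssd-toctou-XXXXXX";   /* hypothetical scratch location */
    if (mkdtemp(base) == NULL)
        return 0;
    int bfd = open(base, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (bfd < 0)
        return 0;
    int built = mkdirat(bfd, "outside", 0700) == 0 && touch(bfd, "outside/victim") == 0 &&
                mkdirat(bfd, "home", 0700) == 0 && mkdirat(bfd, "home/sub", 0700) == 0 &&
                touch(bfd, "home/sub/file.txt") == 0 &&
                symlinkat("../outside", bfd, "home/evil") == 0;
    int result = 0;
    if (built && remove_tree_safe(bfd, "home") == 0) {
        struct stat st;
        int home_gone = fstatat(bfd, "home", &st, AT_SYMLINK_NOFOLLOW) < 0 && errno == ENOENT;
        int victim_ok = fstatat(bfd, "outside/victim", &st, 0) == 0;
        result = home_gone && victim_ok;
    }
    remove_tree_safe(bfd, "outside");   /* clean up the scratch tree */
    close(bfd);
    rmdir(base);
    return result;
}

int main(void)
{
    printf("tree removed without following the symlink: %s\n",
           demo_symlink_in_tree() ? "yes" : "no");
    return 0;
}
```

Run it as an unprivileged user; it only touches its own mkdtemp directory. The same rule applies to the create and copy cases named in the CVE: ownership and mode changes should go through fchown/fchmod on a descriptor opened with O_NOFOLLOW (or fchownat with AT_SYMLINK_NOFOLLOW), never through chown(path) after a separate lstat, because the entry can change between the two calls.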
GLSA vote: no.
CVE-2013-0220 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0220): The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname functions in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.
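CVE-2013-0220 is the classic parser failure behind a responder crash: a length field taken from the packet is trusted, and the code then reads that many bytes past the end of what it actually received. The C program below is an added example that puts the unchecked parse next to the hardened one; it uses a hypothetical wire format invented for the demo (a 4-byte little-endian name length followed by the name bytes), not the real SSSD responder protocol, and the sample packets are constructed, not captured.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format for this example (NOT SSSD's real protocol):
 * request body = 4-byte little-endian name length + that many name bytes. */
#define HDR_LEN 4u

static uint32_t read_u32_le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The bug pattern: body_len is ignored, the header is read unconditionally,
 * and the caller is handed a (pointer, length) pair that may extend far past
 * the received bytes. The out-of-bounds read happens as soon as a consumer
 * copies or prints *name_len bytes from *name. */
int parse_request_unchecked(const uint8_t *body, size_t body_len,
                            const uint8_t **name, size_t *name_len)
{
    (void)body_len;                 /* the check that should have been here */
    *name_len = read_u32_le(body);
    *name = body + HDR_LEN;
    return 0;
}

/* Hardened parser: every read is checked against body_len before it happens,
 * and the length comparison is written as len > body_len - HDR_LEN so that it
 * cannot overflow. Returns 0 on success, -1 if the packet is malformed (the
 * caller answers with an error instead of crashing the responder). */
int parse_request_checked(const uint8_t *body, size_t body_len,
                          const uint8_t **name, size_t *name_len)
{
    if (body == NULL || body_len < HDR_LEN)
        return -1;                          /* header truncated */
    uint32_t len = read_u32_le(body);
    if (len > body_len - HDR_LEN)
        return -1;                          /* name would run past the body */
    *name = body + HDR_LEN;
    *name_len = len;
    return 0;
}

/* Constructed sample packets (not captured from SSSD). */
static const uint8_t good_pkt[]    = { 0x05, 0x00, 0x00, 0x00, 'a', 'l', 'i', 'c', 'e' };
/* Crafted: claims a 65536-byte name but carries only 3 bytes of payload. */
static const uint8_t crafted_pkt[] = { 0x00, 0x00, 0x01, 0x00, 'x', 'y', 'z' };
/* Truncated: shorter than the header itself. */
static const uint8_t short_pkt[]   = { 0x02, 0x00 };

/* Number of the three samples the hardened parser rejects (expected: 2). */
int demo_rejected_count(void)
{
    const uint8_t *name; size_t name_len;
    int rejected = 0;
    rejected += parse_request_checked(good_pkt, sizeof good_pkt, &name, &name_len) != 0;
    rejected += parse_request_checked(crafted_pkt, sizeof crafted_pkt, &name, &name_len) != 0;
    rejected += parse_request_checked(short_pkt, sizeof short_pkt, &name, &name_len) != 0;
    return rejected;
}

/* Name length the unchecked parser hands its caller for the crafted packet:
 * 65536, although only 3 bytes follow the header. */
size_t demo_trusted_length(void)
{
    const uint8_t *name; size_t name_len;
    parse_request_unchecked(crafted_pkt, sizeof crafted_pkt, &name, &name_len);
    return name_len;
}

/* 1 if the well-formed packet parses to the name "alice". */
int demo_good_name_ok(void)
{
    const uint8_t *name; size_t name_len;
    if (parse_request_checked(good_pkt, sizeof good_pkt, &name, &name_len) != 0)
        return 0;
    return name_len == 5 && memcmp(name, "alice", 5) == 0;
}

int main(void)
{
    printf("hardened parser rejected %d of 3 packets\n", demo_rejected_count());
    printf("unchecked parser trusted a name length of %zu bytes\n", demo_trusted_length());
    printf("well-formed packet ok: %d\n", demo_good_name_ok());
    return 0;
}
```

The two checks in parse_request_checked are the whole fix: header present, then claimed length within the remaining bytes. Note the order of the subtraction; `HDR_LEN + len > body_len` would wrap for a length near UINT32_MAX on a 32-bit size_t and let the crafted packet through.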
GLSA vote: no, closing noglsa.