Bug 699864 (CVE-2018-16838) - <sys-auth/sssd-2.2.0-r1: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838)
Status: RESOLVED FIXED
Alias: CVE-2018-16838
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa cve]
Keywords:
Depends on:
Blocks: 709632
 
Reported: 2019-11-11 18:17 UTC by GLSAMaker/CVETool Bot
Modified: 2020-10-10 11:42 UTC

See Also:
Package list:
=sys-auth/sssd-2.2.0-r1
Runtime testing required: ---
nattka: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2019-11-11 18:17:39 UTC
CVE-2018-16838 (https://nvd.nist.gov/vuln/detail/CVE-2018-16838):
  A flaw was found in sssd Group Policy Objects implementation. When the GPO
  is not readable by SSSD due to too strict permission settings on the
  server side, SSSD will allow all authenticated users to login instead of
  denying access.
Comment 1 Sam James archtester gentoo-dev Security 2020-05-02 22:04:16 UTC
@maintainer(s): ping, ready for stabilisation?
Comment 2 Adam Purkrt 2020-05-19 11:45:07 UTC
Hi, just wanted to add that we've been running sssd-2.2.3 for three months now (necessitated by bug #709632), without any issues.

Perhaps good enough to stabilize?
Comment 3 Sam James archtester gentoo-dev Security 2020-06-05 23:43:21 UTC
@maintainer(s): going ahead, but let us know if there's a problem.

(In reply to Adam Purkrt from comment #2)
> Hi, just wanted to add that we've been running sssd-2.2.3 for three months
> now (necessitated by bug #709632), without any issues.

Thank you!
Comment 4 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2020-10-10 11:33:13 UTC
bug 728894 is not a regression
Comment 5 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2020-10-10 11:36:28 UTC
amd64/x86 stable
Comment 6 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2020-10-10 11:42:10 UTC
GLSA vote: no.