Fedora 11 Update: sssd-0.4.1-3.fc11
Summary
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
Update Information:
If a user was added to the SSSD BE database without setting a password, the user could ssh to the SSSD configured client and enter any password to gain access. This update resolves this issue so users with no password set are no longer able to login.
Change Log
* Wed Jul 29 2009 Jakub Hrozek
References
[ 1 ] Bug #514057 - CVE-2009-2410 If internal sssd user has no password set, the user can ssh to the sssd client with any supplied password https://bugzilla.redhat.com/show_bug.cgi?id=514057
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update sssd' at the command line. For more information, refer to "Managing Software with yum", available at .