Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

Scientific Linux SL7.x Advisory 2015:2184-7 Moderate: realmd Update

Scientific Large Esm H446
Moderate: realmd security, bug fix, and enhancement update
Date: Mon, 21 Dec 2015 23:16:31 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: realmd on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20151221231631.18997.25247@slpackages.fnal.gov>

Synopsis: Moderate: realmd security, bug fix, and enhancement update
Advisory ID: SLSA-2015:2184-7
Issue Date: 2015-11-19
CVE Numbers: CVE-2015-2704
--

A flaw was found in the way realmd parsed certain input when writing
configuration into the sssd.conf or smb.conf file. A remote attacker could
use this flaw to inject arbitrary configurations into these files via a
newline character in an LDAP response. (CVE-2015-2704)

It was found that the realm client would try to automatically join an
active directory domain without authentication, which could potentially
lead to privilege escalation within a specified domain.

The realmd packages have been upgraded to upstream version 0.16.1, which
provides a number of bug fixes and enhancements over the previous version.

This update also fixes the following bugs:

* Joining a Scientific Linux machine to a domain using the realm utility
creates /home/domainname/[username]/ directories for domain users.
Previously, SELinux labeled the domain users' directories incorrectly. As
a consequence, the domain users sometimes experienced problems with
SELinux policy. This update modifies the realmd service default behavior
so that the domain users' directories are compatible with the standard
SELinux policy.

* Previously, the realm utility was unable to join or discover domains
with domain names containing underscore (_). The realmd service has been
modified to process underscores in domain names correctly, which fixes the
described bug.

In addition, this update adds the following enhancement:

* The realmd utility now allows the user to disable automatic ID mapping
from the command line. To disable the mapping, pass the "--automatic-id-
mapping=no" option to the realmd utility.
--

SL7
 x86_64
 realmd-0.16.1-5.el7.x86_64.rpm
 realmd-debuginfo-0.16.1-5.el7.x86_64.rpm
 realmd-devel-docs-0.16.1-5.el7.x86_64.rpm

- Scientific Linux Development Team