Upstream information

CVE-2013-0287 at MITRE

Description

The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.

SUSE information

CVSS v2 Scores
Metric | National Vulnerability Database | SUSE
Base Score | 4.93 | 4.93
Vector | AV:N/AC:M/Au:S/C:P/I:P/A:N | AV:N/AC:M/Au:S/C:P/I:P/A:N
Access Vector | Network | Network
Access Complexity | Medium | Medium
Authentication | Single | Single
Confidentiality Impact | Partial | Partial
Integrity Impact | Partial | Partial
Availability Impact | None | None
SUSE Bugzilla entry: 809153 [RESOLVED / FIXED]

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libipa_hbac0 >= 1.11.5.1-5.20
  • libsss_idmap0 >= 1.11.5.1-5.20
  • python-sssd-config >= 1.11.5.1-5.20
  • sssd >= 1.11.5.1-5.20
  • sssd-32bit >= 1.11.5.1-5.20
  • sssd-ad >= 1.11.5.1-5.20
  • sssd-ipa >= 1.11.5.1-5.20
  • sssd-krb5 >= 1.11.5.1-5.20
  • sssd-krb5-common >= 1.11.5.1-5.20
  • sssd-ldap >= 1.11.5.1-5.20
  • sssd-proxy >= 1.11.5.1-5.20
  • sssd-tools >= 1.11.5.1-5.20
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libipa_hbac0
SUSE Linux Enterprise Desktop 12 SP1
  • libipa_hbac0 >= 1.11.5.1-14.1
  • libsss_idmap0 >= 1.11.5.1-14.1
  • libsss_sudo >= 1.11.5.1-14.1
  • python-sssd-config >= 1.11.5.1-14.1
  • sssd >= 1.11.5.1-14.1
  • sssd-32bit >= 1.11.5.1-14.1
  • sssd-ad >= 1.11.5.1-14.1
  • sssd-ipa >= 1.11.5.1-14.1
  • sssd-krb5 >= 1.11.5.1-14.1
  • sssd-krb5-common >= 1.11.5.1-14.1
  • sssd-ldap >= 1.11.5.1-14.1
  • sssd-proxy >= 1.11.5.1-14.1
  • sssd-tools >= 1.11.5.1-14.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libipa_hbac0
SUSE Linux Enterprise Desktop 12 SP2
  • libipa_hbac0 >= 1.13.4-18.10
  • libsss_idmap0 >= 1.13.4-18.10
  • libsss_sudo >= 1.13.4-18.10
  • python-sssd-config >= 1.13.4-18.10
  • sssd >= 1.13.4-18.10
  • sssd-32bit >= 1.13.4-18.10
  • sssd-ad >= 1.13.4-18.10
  • sssd-ipa >= 1.13.4-18.10
  • sssd-krb5 >= 1.13.4-18.10
  • sssd-krb5-common >= 1.13.4-18.10
  • sssd-ldap >= 1.13.4-18.10
  • sssd-proxy >= 1.13.4-18.10
  • sssd-tools >= 1.13.4-18.10
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libipa_hbac0
SUSE Linux Enterprise Server 11 SP3
  • libsss_idmap0 >= 1.9.4-0.12.24
  • python-sssd-config >= 1.9.4-0.12.24
  • sssd >= 1.9.4-0.12.24
  • sssd-32bit >= 1.9.4-0.12.24
  • sssd-tools >= 1.9.4-0.12.24
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA libsss_idmap0
SUSE Linux Enterprise Server 11 SP4
  • libsss_idmap0 >= 1.9.4-0.16.1
  • python-sssd-config >= 1.9.4-0.16.1
  • sssd >= 1.9.4-0.16.1
  • sssd-32bit >= 1.9.4-0.16.1
  • sssd-tools >= 1.9.4-0.16.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA libsss_idmap0
SUSE Linux Enterprise Server 12
  • libipa_hbac0 >= 1.11.5.1-5.20
  • libsss_idmap0 >= 1.11.5.1-5.20
  • python-sssd-config >= 1.11.5.1-5.20
  • sssd >= 1.11.5.1-5.20
  • sssd-32bit >= 1.11.5.1-5.20
  • sssd-ad >= 1.11.5.1-5.20
  • sssd-ipa >= 1.11.5.1-5.20
  • sssd-krb5 >= 1.11.5.1-5.20
  • sssd-krb5-common >= 1.11.5.1-5.20
  • sssd-ldap >= 1.11.5.1-5.20
  • sssd-proxy >= 1.11.5.1-5.20
  • sssd-tools >= 1.11.5.1-5.20
Patchnames:
SUSE Linux Enterprise Server 12 GA libipa_hbac0
SUSE Linux Enterprise Server 12 SP1
  • libipa_hbac0 >= 1.11.5.1-14.1
  • libsss_idmap0 >= 1.11.5.1-14.1
  • libsss_sudo >= 1.11.5.1-14.1
  • python-sssd-config >= 1.11.5.1-14.1
  • sssd >= 1.11.5.1-14.1
  • sssd-32bit >= 1.11.5.1-14.1
  • sssd-ad >= 1.11.5.1-14.1
  • sssd-ipa >= 1.11.5.1-14.1
  • sssd-krb5 >= 1.11.5.1-14.1
  • sssd-krb5-common >= 1.11.5.1-14.1
  • sssd-ldap >= 1.11.5.1-14.1
  • sssd-proxy >= 1.11.5.1-14.1
  • sssd-tools >= 1.11.5.1-14.1
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libipa_hbac0
SUSE Linux Enterprise Server 12 SP2
  • libipa_hbac0 >= 1.13.4-18.10
  • libsss_idmap0 >= 1.13.4-18.10
  • libsss_sudo >= 1.13.4-18.10
  • python-sssd-config >= 1.13.4-18.10
  • sssd >= 1.13.4-18.10
  • sssd-32bit >= 1.13.4-18.10
  • sssd-ad >= 1.13.4-18.10
  • sssd-ipa >= 1.13.4-18.10
  • sssd-krb5 >= 1.13.4-18.10
  • sssd-krb5-common >= 1.13.4-18.10
  • sssd-ldap >= 1.13.4-18.10
  • sssd-proxy >= 1.13.4-18.10
  • sssd-tools >= 1.13.4-18.10
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libipa_hbac0
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libipa_hbac0 >= 1.13.4-18.10
  • libsss_idmap0 >= 1.13.4-18.10
  • libsss_sudo >= 1.13.4-18.10
  • python-sssd-config >= 1.13.4-18.10
  • sssd >= 1.13.4-18.10
  • sssd-ad >= 1.13.4-18.10
  • sssd-ipa >= 1.13.4-18.10
  • sssd-krb5 >= 1.13.4-18.10
  • sssd-krb5-common >= 1.13.4-18.10
  • sssd-ldap >= 1.13.4-18.10
  • sssd-proxy >= 1.13.4-18.10
  • sssd-tools >= 1.13.4-18.10
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libipa_hbac0
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libsss_idmap-devel >= 1.9.4-0.16.1
  • libsss_sudo-devel >= 1.9.4-0.16.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libsss_idmap-devel
SUSE Linux Enterprise Software Development Kit 12
  • libipa_hbac-devel >= 1.11.5.1-5.20
  • libsss_idmap-devel >= 1.11.5.1-5.20
  • libsss_nss_idmap-devel >= 1.11.5.1-5.20
  • libsss_nss_idmap0 >= 1.11.5.1-5.20
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libipa_hbac-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libipa_hbac-devel >= 1.11.5.1-14.1
  • libsss_idmap-devel >= 1.11.5.1-14.1
  • libsss_nss_idmap-devel >= 1.11.5.1-14.1
  • libsss_nss_idmap0 >= 1.11.5.1-14.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libipa_hbac-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libipa_hbac-devel >= 1.13.4-18.10
  • libsss_idmap-devel >= 1.13.4-18.10
  • libsss_nss_idmap-devel >= 1.13.4-18.10
  • libsss_nss_idmap0 >= 1.13.4-18.10
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libipa_hbac-devel
openSUSE 12.3
  • libipa_hbac-devel >= 1.9.4-1.9.1
  • libipa_hbac0 >= 1.9.4-1.9.1
  • libipa_hbac0-debuginfo >= 1.9.4-1.9.1
  • libsss_idmap-devel >= 1.9.4-1.9.1
  • libsss_idmap0 >= 1.9.4-1.9.1
  • libsss_idmap0-debuginfo >= 1.9.4-1.9.1
  • libsss_sudo >= 1.9.4-1.9.1
  • libsss_sudo-debuginfo >= 1.9.4-1.9.1
  • python-ipa_hbac >= 1.9.4-1.9.1
  • python-ipa_hbac-debuginfo >= 1.9.4-1.9.1
  • python-sssd-config >= 1.9.4-1.9.1
  • python-sssd-config-debuginfo >= 1.9.4-1.9.1
  • sssd >= 1.9.4-1.9.1
  • sssd-32bit >= 1.9.4-1.9.1
  • sssd-debuginfo >= 1.9.4-1.9.1
  • sssd-debuginfo-32bit >= 1.9.4-1.9.1
  • sssd-debugsource >= 1.9.4-1.9.1
  • sssd-ipa-provider >= 1.9.4-1.9.1
  • sssd-ipa-provider-debuginfo >= 1.9.4-1.9.1
  • sssd-tools >= 1.9.4-1.9.1
  • sssd-tools-debuginfo >= 1.9.4-1.9.1
Patchnames:
openSUSE-2013-264
openSUSE 13.2
  • libsss_idmap0 >= 1.12.0-3.1.10
  • libsss_nss_idmap0 >= 1.12.0-3.1.10
  • sssd >= 1.12.0-3.1.10
  • sssd-32bit >= 1.12.0-3.1.10
  • sssd-krb5-common >= 1.12.0-3.1.10
  • sssd-ldap >= 1.12.0-3.1.10
Patchnames:
openSUSE 13.2 GA libsss_idmap0
openSUSE Leap 42.1
  • libsss_idmap0 >= 1.11.5.1-5.1
  • sssd >= 1.11.5.1-5.1
  • sssd-32bit >= 1.11.5.1-5.1
  • sssd-krb5-common >= 1.11.5.1-5.1
  • sssd-ldap >= 1.11.5.1-5.1
Patchnames:
openSUSE Leap 42.1 GA libsss_idmap0
openSUSE Leap 42.2
  • libsss_idmap0 >= 1.13.4-1.5
  • libsss_sudo >= 1.13.4-1.5
  • sssd >= 1.13.4-1.5
  • sssd-32bit >= 1.13.4-1.5
  • sssd-krb5-common >= 1.13.4-1.5
  • sssd-ldap >= 1.13.4-1.5
Patchnames:
openSUSE Leap 42.2 GA libsss_idmap0
openSUSE Tumbleweed
  • libipa_hbac-devel >= 1.14.2-3.1
  • libipa_hbac0 >= 1.14.2-3.1
  • libnfsidmap-sss >= 1.14.2-3.1
  • libsss_idmap-devel >= 1.14.2-3.1
  • libsss_idmap0 >= 1.14.2-3.1
  • libsss_nss_idmap-devel >= 1.14.2-3.1
  • libsss_nss_idmap0 >= 1.14.2-3.1
  • libsss_simpleifp-devel >= 1.14.2-3.1
  • libsss_simpleifp0 >= 1.14.2-3.1
  • python-ipa_hbac >= 1.14.2-3.1
  • python-sss-murmur >= 1.14.2-3.1
  • python-sss_nss_idmap >= 1.14.2-3.1
  • python-sssd-config >= 1.14.2-3.1
  • python3-ipa_hbac >= 1.14.2-3.1
  • python3-sss-murmur >= 1.14.2-3.1
  • python3-sss_nss_idmap >= 1.14.2-3.1
  • python3-sssd-config >= 1.14.2-3.1
  • sssd >= 1.14.2-3.1
  • sssd-32bit >= 1.14.2-3.1
  • sssd-ad >= 1.14.2-3.1
  • sssd-dbus >= 1.14.2-3.1
  • sssd-ipa >= 1.14.2-3.1
  • sssd-krb5 >= 1.14.2-3.1
  • sssd-krb5-common >= 1.14.2-3.1
  • sssd-ldap >= 1.14.2-3.1
  • sssd-proxy >= 1.14.2-3.1
  • sssd-tools >= 1.14.2-3.1
  • sssd-wbclient >= 1.14.2-3.1
  • sssd-wbclient-devel >= 1.14.2-3.1
  • sssd-winbind-idmap >= 1.14.2-3.1
Patchnames:
openSUSE Tumbleweed GA libipa_hbac-devel