[Pkg-sssd-devel] Bug#935528: sssd: Using sssd together with winbind causes authentication DoS

Heiko Wundram modelnine at modelnine.org
Fri Aug 23 16:28:00 BST 2019


Source: sssd
Severity: important
Tags: patch upstream

Dear Maintainer,

using sssd together with winbind when both services target different authentication
sources (e.g. sssd for LDAP, winbind for AD-domain) leads to an authentication/NSS
DoS due to incorrect recursive NSS calls of sssd for users unknown to both
authentication providers. Upstream has patched the corresponding issues in #3963
and #3964, with backports for 1.16.x attached to the issues (and prepared
for inclusion in the Debian patch framework attached to this report).

Please consider including the corresponding patches in the Debian distribution of
sssd.

-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patches.tar
Type: application/x-tar
Size: 122880 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-sssd-devel/attachments/20190823/eb2376fb/attachment-0001.tar>

