vulnerability in sssd 1.5.0+ (CVE-2011-1758)

[Vincent Danen <vdanen () redhat com>]

Hello all.

Anyone shipping sssd 1.5.0 or higher will want to be aware of a flaw
that was found in how it handled cached passwords when renewal kerberos
tickets is enabled (this is a new feature in 1.5.0).  Due to a bug, the
cached password was overwritten with a (moderately) predictable
filename, which could allow a user to authenticate as someone else if
they knew the name of the cache file (under some pretty specific
conditions).

We've assigned the name CVE-2011-1758 to this issue and it is now fixed
upstream.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=700867
http://git.fedorahosted.org/git/?p=sssd.git;a=commitdiff;h=fffdae81651b460f3d2c119c56d5caa09b4de42a

--
Vincent Danen / Red Hat Security Response Team