Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4825: adsetgroups vulnerability

Authentication Service ,  

12 April,16 at 11:07 AM

 

Vulnerability Summary:

/usr/share/centrifydc/libexec/adsetgroups is a setuid root utility and is used on older UNIX systems (such as Solaris, AIX, HPUX, etc) where the system is only able to support smaller sets ( 16 ) of groups per user. Working in conjuction with a large customer, Centrify has discovered a bug in the adsetgroups utility that may result in data leakage in certain circumstances.

Acknowledgements:

  • Centrify would like to thank Travis Emmert for working with us in reporting the issue and protecting our customers.

Affected Products:

  • Centrify Server Suite 2008 through Centrify Server Suite 2014.1 
  • Centrify DirectControl 3.x.x through 4.2.0 (which were shipped prior to Centrify Server Suite 2008)

Customer Mitigation:

This tool is not commonly used anymore and new systems such as Linux do not have the small group set limitation. For users who do not use this tool (e.g. not using an older UNIX system), Centrify recommends removing the adsetgroups utility or, as an alternative, removing the setuid bit on the executable using “chmod -s”. This command can be pushed via group policy or through Deployment Manager. Please refer to KB-4825 for additional details.

Resolution:

This has been fixed in the refreshed version of Centrify Suite 2014.1

Centrify recommends customers to follow the steps from the Mitigation plan above and/or upgrade to the current release of 2014.1 as soon as possible. The release is available on the Download Center.

For assistance or questions open a case with Centrify Support on the Portal.

For further information on Centrify Security Policies:
http://www.centrify.com/support/product-security-policies.asp

 

Related Articles

 articleKB-39695: Does vulnerability CVE-2020-1472 affect Centrify? articleKB-47815: Is Centrify affected by sudo vulnerability in CVE-2021-3156 articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-41091: Does OpenSSH 7.9p1 CVE-2019-16905 vulnerability affect adclient? articleKB-22420: Centrify Agent for Windows - Remote Code Execution Vulnerability articleKB-11841: SCP Vulnerability for Centrify Linux Agent articleKB-11357: Why Does the Postgres Database Certificate Installed with Customer Managed PAS, Generate a Vulnerability Alert When Scanned? articleKB-7865: Centrify Customer Advisory - Security Vulnerability with some Stored Procedures in DirectAudit database articleKB-22334: Is Centrify dzdo affected by vulnerability CVE-2019-14287?