12 April,16 at 11:07 AM
Vulnerability Summary:
/usr/share/centrifydc/libexec/adsetgroups is a setuid root utility used on older UNIX systems (such as Solaris, AIX, HPUX, etc.) where the system is only able to support smaller sets (16) of groups per user. Working in conjunction with a large customer, Centrify has discovered a bug in the adsetgroups utility that may result in data leakage in certain circumstances.
Acknowledgements:
Affected Products:
Customer Mitigation:
This tool is not commonly used anymore and new systems such as Linux do not have the small group set limitation. For users who do not use this tool (e.g. not using an older UNIX system), Centrify recommends removing the adsetgroups utility or, as an alternative, removing the setuid bit on the executable using “chmod -s”. This command can be pushed via group policy or through Deployment Manager. Please refer to KB-4825 for additional details.
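The following script is an added example, not Centrify's own tooling: it reports whether the adsetgroups binary still carries the setuid bit and, when asked, removes it with the "chmod -s" mitigation described above and verifies the result. The function names and the ADSETGROUPS_PATH / ADSETGROUPS_MODE variables are hypothetical; only the file path and the chmod command come from this advisory.

```shell
#!/bin/sh
# Added example: audit and strip the setuid bit from adsetgroups.
# Default path is the one named in the advisory; override it for testing.
ADSETGROUPS_PATH="${ADSETGROUPS_PATH:-/usr/share/centrifydc/libexec/adsetgroups}"

# setuid_state FILE -> prints "missing", "setuid" or "clean"
setuid_state() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -u "$1" ]; then
        echo setuid
    else
        echo clean
    fi
}

# remediate_setuid FILE [apply]
# Without "apply" it only reports. Returns 0 when the file is absent or has
# no setuid bit afterwards, 1 when the bit is (still) set.
remediate_setuid() {
    file=$1
    mode=${2:-report}
    state=$(setuid_state "$file")
    case $state in
        missing) echo "$file: not installed, nothing to do"; return 0 ;;
        clean)   echo "$file: setuid bit not set"; return 0 ;;
    esac
    if [ "$mode" != apply ]; then
        echo "$file: setuid bit is SET (re-run with 'apply' to remove it)"
        return 1
    fi
    chmod -s "$file" || { echo "$file: chmod -s failed" >&2; return 1; }
    # Verify the mode instead of trusting the chmod exit status alone.
    if [ "$(setuid_state "$file")" = clean ]; then
        echo "$file: setuid bit removed"
        return 0
    fi
    echo "$file: setuid bit still set after chmod" >&2
    return 1
}

# Runs only when a mode is given, e.g. ADSETGROUPS_MODE=report or =apply.
if [ -n "${ADSETGROUPS_MODE:-}" ]; then
    remediate_setuid "$ADSETGROUPS_PATH" "$ADSETGROUPS_MODE"
fi
```

The non-zero exit status in report mode lets a configuration-management job flag hosts where the bit is still set.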
Resolution:
This has been fixed in the refreshed version of Centrify Suite 2014.1.
Centrify recommends that customers follow the steps from the Mitigation plan above and/or upgrade to the current release of 2014.1 as soon as possible. The release is available on the Download Center.
For assistance or questions open a case with Centrify Support on the Portal.
For further information on Centrify Security Policies:
http://www.centrify.com/support/product-security-policies.asp