CVE-2017-12173 – sssd: unsanitized input when searching in local cache database
https://notcve.org/view.php?id=CVE-2017-12173
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. Se ha encontrado que la función sysdb_search_user_by_upn_res() de sssd en versiones anteriores a la 1.16.0 no saneaba las peticiones al consultar su caché local y era vulnerable a inyecciones. En un entorno de inicio de sesión centralizado, si un hash de contraseña se almacenaba en la caché local de un usuario determinado, un atacante autenticado podía utilizar este error para recuperarlo. It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. • https://access.redhat.com/errata/RHSA-2017:3379 https://access.redhat.com/errata/RHSA-2018:1877 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173 https://access.redhat.com/security/cve/CVE-2017-12173 https://bugzilla.redhat.com/show_bug.cgi?id=1498173 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-5292 – sssd: memory leak in the sssd_pac_plugin
https://notcve.org/view.php?id=CVE-2015-5292
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication. Fuga de memoria en el plugin en Privilege Attribute Certificate (PAC) responder (sssd_pac_plugin.so) en System Security Services Daemon (SSSD) 1.10 en versiones anteriores a 1.13.1 permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de memoria) a través de un gran número de logins que desencadenan análisis gramaticales de blobs de PAC durante la autenticación Kerberos. It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.html http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422 http://rhn.redhat.com/errata/RHSA-2015-2019.html http://rhn.redhat.com/errata/RHSA-2015-2355.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.sec • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2014-0249
https://notcve.org/view.php?id=CVE-2014-0249
The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors. System Security Services Daemon (SSSD) 1.11.6 no identifica debidamente la pertenencia a un grupo cuando un grupo no POSIX esté en una cadena de pertenencia a grupo, lo que permite a usuarios locales evadir restricciones de acceso a través de vectores no especificados. • https://bugzilla.redhat.com/show_bug.cgi?id=1101751 https://lists.fedorahosted.org/pipermail/sssd-devel/2014-May/019495.html • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-0287 – sssd: simple access provider flaw prevents intended ACL use when client to an AD provider
https://notcve.org/view.php?id=CVE-2013-0287
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions. El Simple Access Provider en System Security Services Daemon (SSSD) v1.9.0 hasta v1.9.4, cuando usa el proveedor de Active Directory, no se aplica correctamente la opción simple_deny_groups, lo que permite a usuarios remotos autenticados para eludir restricciones de acceso previstos. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46a4bd3b221edb http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48c5cb43aa04c4 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67d7f3cc6b48ef http://git.fedorahosted.org/cgit/sssd.git/patch/? • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-0220 – sssd: Out-of-bounds read flaws in autofs and ssh services responders
https://notcve.org/view.php?id=CVE-2013-0220
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet. La función (1) sss_autofs_cmd_getautomntent y (2) sss_autofs_cmd_getautomntbyname en responder/autofs/autofssrv_cmd.c y la función (3) ssh_cmd_parse_request en responder/ssh/sshsrv_cmd.c en System Security Services Daemon (SSSD) anterior a v1.9.4 permite a atacantes remotos generar una denegación de servicio (lectura fuera de los límites, caída y reinicio) mediante una paquete SSSD especialmente diseñado. • http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html http://rhn.redhat.com/errata/RHSA-2013-0508.html http://secunia.com/advisories/51928 http://secunia.com/advisories/52315 http://www.securityfocus.com/bid/57539 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •