
CVE-2022-4254 – sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
https://notcve.org/view.php?id=CVE-2022-4254
24 Jan 2023 — A vulnerability was found in SSSD, in the libsss_certmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT authentication request to the corresponding principal. The mapping filter is vulnerable to LDAP filter injection. The search result can be i... • https://access.redhat.com/security/cve/CVE-2022-4254 • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •

CVE-2021-3621 – sssd: shell command injection in sssctl
https://notcve.org/view.php?id=CVE-2021-3621
16 Aug 2021 — A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1975142 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2012-3462
https://notcve.org/view.php?id=CVE-2012-3462
26 Dec 2019 — A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context. • https://access.redhat.com/security/cve/cve-2012-3462 • CWE-287: Improper Authentication •

CVE-2018-16838 – sssd: improper implementation of GPOs due to too restrictive permissions
https://notcve.org/view.php?id=CVE-2018-16838
25 Mar 2019 — A flaw was found in the sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to too strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •

CVE-2019-3811 – sssd: fallback_homedir returns '/' for empty home directories in passwd file
https://notcve.org/view.php?id=CVE-2019-3811
15 Jan 2019 — A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •

CVE-2018-16883
https://notcve.org/view.php?id=CVE-2018-16883
19 Dec 2018 — sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers. • http://www.securityfocus.com/bid/106264 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2018-10852 – sssd: information leak from the sssd-sudo responder
https://notcve.org/view.php?id=CVE-2018-10852
26 Jun 2018 — The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. • http://www.securityfocus.com/bid/104547 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2017-12173 – sssd: unsanitized input when searching in local cache database
https://notcve.org/view.php?id=CVE-2017-12173
04 Dec 2017 — It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. • https://access.redhat.com/errata/RHSA-2017:3379 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2015-5292 – sssd: memory leak in the sssd_pac_plugin
https://notcve.org/view.php?id=CVE-2015-5292
29 Oct 2015 — Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2014-0249
https://notcve.org/view.php?id=CVE-2014-0249
11 Jun 2014 — The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors. • https://bugzilla.redhat.com/show_bug.cgi?id=1101751 • CWE-264: Permissions, Privileges, and Access Controls •