CVE-2022-4254 – sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
https://notcve.org/view.php?id=CVE-2022-4254
A vulnerability was found in SSSD, in the libsss_certmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT authentication request to the corresponding principal. The mapping filter is vulnerable to LDAP filter injection. The search result can be influenced by values in the certificate, which may be attacker controlled.
• https://access.redhat.com/security/cve/CVE-2022-4254
• https://bugzilla.redhat.com/show_bug.cgi?id=2149894
• https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274
• https://github.com/SSSD/sssd/issues/5135
• https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html
• CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CVE-2021-3621 – sssd: shell command injection in sssctl
https://notcve.org/view.php?id=CVE-2021-3621
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.
• https://bugzilla.redhat.com/show_bug.cgi?id=1975142
• https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html
• https://sssd.io/release-notes/sssd-2.6.0.html
• https://access.redhat.com/security/cve/CVE-2021-3621
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2012-3462
https://notcve.org/view.php?id=CVE-2012-3462
A flaw was found in SSSD version 1.9.0. SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.
• https://access.redhat.com/security/cve/cve-2012-3462
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3462
• https://pagure.io/SSSD/sssd/issue/1470
• CWE-287: Improper Authentication
CVE-2018-16838 – sssd: improper implementation of GPOs due to too restrictive permissions
https://notcve.org/view.php?id=CVE-2018-16838
A flaw was found in the sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to too strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access.
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00051.html
• https://access.redhat.com/errata/RHSA-2019:2177
• https://access.redhat.com/errata/RHSA-2019:2437
• https://access.redhat.com/errata/RHSA-2019:3651
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838
• https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html
• https://access.redhat.com/security/cve/CVE-2018-16838
• https:/
• CWE-269: Improper Privilege Management
• CWE-284: Improper Access Control
CVE-2019-3811 – sssd: fallback_homedir returns '/' for empty home directories in passwd file
https://notcve.org/view.php?id=CVE-2019-3811
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
• http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html
• http://www.securityfocus.com/bid/106644
• https://access.redhat.com/errata/RHSA-2019:2177
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811
• https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html
• https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html
• https://access.redhat.com/security/cve/CVE-2019-3811
• htt
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-552: Files or Directories Accessible to External Parties