CVE-2012-3462
https://notcve.org/view.php?id=CVE-2012-3462
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context. Se encontró un fallo en SSSD versión 1.9.0. La lógica del proveedor de acceso de SSSD causa que el resultado del procesamiento de la regla HBAC sea ignorado en la situación en que el proveedor de acceso también esté manejando la configuración del contexto de usuario SELinux del usuario. • https://access.redhat.com/security/cve/cve-2012-3462 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3462 https://pagure.io/SSSD/sssd/issue/1470 • CWE-287: Improper Authentication •
CVE-2019-3811 – sssd: fallback_homedir returns '/' for empty home directories in passwd file
https://notcve.org/view.php?id=CVE-2019-3811
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. Se ha encontrado una vulnerabilidad en sssd. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html http://www.securityfocus.com/bid/106644 https://access.redhat.com/errata/RHSA-2019:2177 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811 https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html https://access.redhat.com/security/cve/CVE-2019-3811 htt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •
CVE-2018-10852 – sssd: information leak from the sssd-sudo responder
https://notcve.org/view.php?id=CVE-2018-10852
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. El pipe de Unix que utiliza sudo para contactar SSSD y leer las reglas sudo disponibles desde SSSD tiene permisos demasiado laxos, lo que significa que cualquiera que pueda enviar un mensaje utilizando el mismo protocolo raw que utilizan sudo y SSSD puede leer reglas sudo disponibles para cualquier usuario. Esto afecta a las versiones SSSD en versiones anteriores a la 1.16.3. The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. • http://www.securityfocus.com/bid/104547 https://access.redhat.com/errata/RHSA-2018:3158 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852 https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html https://access.redhat.com/security/cve/CVE-2018-10852 https://bugzilla.redhat.com/show_bug.cgi?id=1588810 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-12173 – sssd: unsanitized input when searching in local cache database
https://notcve.org/view.php?id=CVE-2017-12173
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. Se ha encontrado que la función sysdb_search_user_by_upn_res() de sssd en versiones anteriores a la 1.16.0 no saneaba las peticiones al consultar su caché local y era vulnerable a inyecciones. En un entorno de inicio de sesión centralizado, si un hash de contraseña se almacenaba en la caché local de un usuario determinado, un atacante autenticado podía utilizar este error para recuperarlo. It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. • https://access.redhat.com/errata/RHSA-2017:3379 https://access.redhat.com/errata/RHSA-2018:1877 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173 https://access.redhat.com/security/cve/CVE-2017-12173 https://bugzilla.redhat.com/show_bug.cgi?id=1498173 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-0287 – sssd: simple access provider flaw prevents intended ACL use when client to an AD provider
https://notcve.org/view.php?id=CVE-2013-0287
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions. El Simple Access Provider en System Security Services Daemon (SSSD) v1.9.0 hasta v1.9.4, cuando usa el proveedor de Active Directory, no se aplica correctamente la opción simple_deny_groups, lo que permite a usuarios remotos autenticados para eludir restricciones de acceso previstos. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46a4bd3b221edb http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48c5cb43aa04c4 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67d7f3cc6b48ef http://git.fedorahosted.org/cgit/sssd.git/patch/? • CWE-264: Permissions, Privileges, and Access Controls •