Total
17 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-3811 | 4 Debian, Fedoraproject, Opensuse and 1 more | 5 Debian Linux, Fedora, Sssd and 2 more | 2024-11-21 | 2.7 LOW | 5.2 MEDIUM |
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. | |||||
CVE-2018-16883 | 1 Fedoraproject | 1 Sssd | 2024-11-21 | 2.1 LOW | 2.5 LOW |
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers. | |||||
CVE-2018-16838 | 2 Fedoraproject, Redhat | 2 Sssd, Enterprise Linux | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. | |||||
CVE-2018-10852 | 3 Debian, Fedoraproject, Redhat | 5 Debian Linux, Sssd, Enterprise Linux Desktop and 2 more | 2024-11-21 | 5.0 MEDIUM | 3.8 LOW |
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. | |||||
CVE-2017-12173 | 2 Fedoraproject, Redhat | 6 Sssd, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. | |||||
CVE-2015-5292 | 1 Fedoraproject | 1 Sssd | 2024-11-21 | 6.8 MEDIUM | N/A |
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication. | |||||
CVE-2014-0249 | 2 Fedoraproject, Redhat | 2 Sssd, Enterprise Linux | 2024-11-21 | 3.3 LOW | N/A |
The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors. | |||||
CVE-2013-0287 | 1 Fedoraproject | 1 Sssd | 2024-11-21 | 4.9 MEDIUM | N/A |
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions. | |||||
CVE-2013-0220 | 1 Fedoraproject | 1 Sssd | 2024-11-21 | 5.0 MEDIUM | N/A |
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet. | |||||
CVE-2013-0219 | 2 Fedoraproject, Redhat | 2 Sssd, Enterprise Linux | 2024-11-21 | 3.7 LOW | N/A |
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files. | |||||
CVE-2012-3462 | 1 Fedoraproject | 1 Sssd | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context. | |||||
CVE-2011-1758 | 1 Fedoraproject | 1 Sssd | 2024-11-21 | 3.7 LOW | N/A |
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname. | |||||
CVE-2010-4341 | 2 Fedorahosted, Fedoraproject | 2 Sssd, Sssd | 2024-11-21 | 2.1 LOW | N/A |
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet. | |||||
CVE-2010-2940 | 1 Fedoraproject | 1 Sssd | 2024-11-21 | 5.1 MEDIUM | N/A |
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password. | |||||
CVE-2010-0014 | 1 Fedoraproject | 1 Sssd | 2024-11-21 | 3.7 LOW | N/A |
System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT. | |||||
CVE-2021-3621 | 2 Fedoraproject, Redhat | 8 Fedora, Sssd, Enterprise Linux and 5 more | 2024-03-04 | 9.3 HIGH | 8.8 HIGH |
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
CVE-2022-4254 | 2 Fedoraproject, Redhat | 13 Sssd, Enterprise Linux, Enterprise Linux Desktop and 10 more | 2024-02-28 | N/A | 8.8 HIGH |
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters |