5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
46.8%
Issue Overview:
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.(CVE-2018-16838)
A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return ‘/’ (the root directory) instead of ‘’ (the empty string / no home directory). This could impact services that restrict the user’s filesystem access to within their home directory through chroot().(CVE-2019-3811)
Affected Packages:
sssd
Issue Correction:
Run yum update sssd to update your system.
New Packages:
i686:
sssd-libwbclient-1.16.4-21.25.amzn1.i686
libsss_sudo-1.16.4-21.25.amzn1.i686
sssd-winbind-idmap-1.16.4-21.25.amzn1.i686
sssd-ldap-1.16.4-21.25.amzn1.i686
libsss_simpleifp-1.16.4-21.25.amzn1.i686
sssd-krb5-common-1.16.4-21.25.amzn1.i686
sssd-dbus-1.16.4-21.25.amzn1.i686
sssd-common-pac-1.16.4-21.25.amzn1.i686
sssd-libwbclient-devel-1.16.4-21.25.amzn1.i686
libsss_certmap-devel-1.16.4-21.25.amzn1.i686
libsss_simpleifp-devel-1.16.4-21.25.amzn1.i686
python27-libsss_nss_idmap-1.16.4-21.25.amzn1.i686
sssd-common-1.16.4-21.25.amzn1.i686
libsss_autofs-1.16.4-21.25.amzn1.i686
sssd-tools-1.16.4-21.25.amzn1.i686
sssd-ipa-1.16.4-21.25.amzn1.i686
sssd-ad-1.16.4-21.25.amzn1.i686
python27-sss-1.16.4-21.25.amzn1.i686
libsss_idmap-1.16.4-21.25.amzn1.i686
sssd-1.16.4-21.25.amzn1.i686
libipa_hbac-1.16.4-21.25.amzn1.i686
sssd-client-1.16.4-21.25.amzn1.i686
libipa_hbac-devel-1.16.4-21.25.amzn1.i686
libsss_nss_idmap-1.16.4-21.25.amzn1.i686
sssd-proxy-1.16.4-21.25.amzn1.i686
sssd-debuginfo-1.16.4-21.25.amzn1.i686
libsss_certmap-1.16.4-21.25.amzn1.i686
libsss_idmap-devel-1.16.4-21.25.amzn1.i686
python27-libipa_hbac-1.16.4-21.25.amzn1.i686
sssd-krb5-1.16.4-21.25.amzn1.i686
libsss_nss_idmap-devel-1.16.4-21.25.amzn1.i686
python27-sss-murmur-1.16.4-21.25.amzn1.i686
noarch:
python27-sssdconfig-1.16.4-21.25.amzn1.noarch
src:
sssd-1.16.4-21.25.amzn1.src
x86_64:
sssd-tools-1.16.4-21.25.amzn1.x86_64
sssd-ipa-1.16.4-21.25.amzn1.x86_64
sssd-krb5-1.16.4-21.25.amzn1.x86_64
libsss_simpleifp-devel-1.16.4-21.25.amzn1.x86_64
sssd-winbind-idmap-1.16.4-21.25.amzn1.x86_64
sssd-1.16.4-21.25.amzn1.x86_64
sssd-libwbclient-devel-1.16.4-21.25.amzn1.x86_64
libsss_idmap-1.16.4-21.25.amzn1.x86_64
libsss_nss_idmap-devel-1.16.4-21.25.amzn1.x86_64
libipa_hbac-1.16.4-21.25.amzn1.x86_64
sssd-debuginfo-1.16.4-21.25.amzn1.x86_64
libipa_hbac-devel-1.16.4-21.25.amzn1.x86_64
libsss_nss_idmap-1.16.4-21.25.amzn1.x86_64
libsss_sudo-1.16.4-21.25.amzn1.x86_64
python27-libsss_nss_idmap-1.16.4-21.25.amzn1.x86_64
python27-sss-murmur-1.16.4-21.25.amzn1.x86_64
libsss_autofs-1.16.4-21.25.amzn1.x86_64
sssd-common-pac-1.16.4-21.25.amzn1.x86_64
sssd-ldap-1.16.4-21.25.amzn1.x86_64
sssd-client-1.16.4-21.25.amzn1.x86_64
python27-libipa_hbac-1.16.4-21.25.amzn1.x86_64
sssd-libwbclient-1.16.4-21.25.amzn1.x86_64
python27-sss-1.16.4-21.25.amzn1.x86_64
sssd-krb5-common-1.16.4-21.25.amzn1.x86_64
sssd-ad-1.16.4-21.25.amzn1.x86_64
sssd-dbus-1.16.4-21.25.amzn1.x86_64
libsss_certmap-1.16.4-21.25.amzn1.x86_64
sssd-proxy-1.16.4-21.25.amzn1.x86_64
sssd-common-1.16.4-21.25.amzn1.x86_64
libsss_certmap-devel-1.16.4-21.25.amzn1.x86_64
libsss_simpleifp-1.16.4-21.25.amzn1.x86_64
libsss_idmap-devel-1.16.4-21.25.amzn1.x86_64
Red Hat: CVE-2018-16838, CVE-2019-3811
Mitre: CVE-2018-16838, CVE-2019-3811
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | sssd-libwbclient | < 1.16.4-21.25.amzn1 | sssd-libwbclient-1.16.4-21.25.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libsss_sudo | < 1.16.4-21.25.amzn1 | libsss_sudo-1.16.4-21.25.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | sssd-winbind-idmap | < 1.16.4-21.25.amzn1 | sssd-winbind-idmap-1.16.4-21.25.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | sssd-ldap | < 1.16.4-21.25.amzn1 | sssd-ldap-1.16.4-21.25.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libsss_simpleifp | < 1.16.4-21.25.amzn1 | libsss_simpleifp-1.16.4-21.25.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | sssd-krb5-common | < 1.16.4-21.25.amzn1 | sssd-krb5-common-1.16.4-21.25.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | sssd-dbus | < 1.16.4-21.25.amzn1 | sssd-dbus-1.16.4-21.25.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | sssd-common-pac | < 1.16.4-21.25.amzn1 | sssd-common-pac-1.16.4-21.25.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | sssd-libwbclient-devel | < 1.16.4-21.25.amzn1 | sssd-libwbclient-devel-1.16.4-21.25.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libsss_certmap-devel | < 1.16.4-21.25.amzn1 | libsss_certmap-devel-1.16.4-21.25.amzn1.i686.rpm |
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
46.8%