CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.001 Low
EPSS Percentile: 48.8%
Issue Overview:
A flaw was found in SSSD: the sssctl command was vulnerable to shell command injection through its logs-fetch and cache-expire subcommands. An attacker who can get the root user to run a specially crafted sssctl command, for example through a sudo rule that permits sssctl, can execute arbitrary commands as root. The highest threat from this vulnerability is to the confidentiality, integrity and availability of the system. (CVE-2021-3621)
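The injection class described above, as an added illustration that is not SSSD's code: a helper that root runs (for instance via a sudo rule) splices its argument into a command string that a shell re-parses, beside the hardened form that passes the argument as a single argv element. The archive step is stood in for by echo so the script is safe to run anywhere, and the payload string is constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration of the shell-injection pattern behind CVE-2021-3621; not SSSD's code.
# A tool run as root builds "<archiver> <file> ..." as one string and hands it to sh:
# anything after ';' inside <file> is executed as root too.
# 'echo' stands in for the real archive command, so nothing on disk is touched.

# Vulnerable form: the argument is interpolated into a string that sh parses again.
vulnerable_fetch() {
    sh -c "echo archiving to $1"
}

# Hardened form: the argument is one argv element; no shell ever sees its metacharacters.
safe_fetch() {
    echo "archiving to $1"
}

# Defence in depth for a privileged tool: refuse arguments that carry shell metacharacters.
# Returns 0 for a plain path, 1 if any of ; | & $ ( ) < > is present.
plain_path() {
    case "$1" in
        *[';|&$()<>']*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed attacker-controlled argument: looks like a filename, carries a second command.
PAYLOAD='out.tar.gz; echo INJECTED'

echo "--- vulnerable form: two commands run ---"
vulnerable_fetch "$PAYLOAD"
echo "--- hardened form: one argument, printed verbatim ---"
safe_fetch "$PAYLOAD"
echo "--- argument check ---"
if plain_path "$PAYLOAD"; then echo "accepted"; else echo "rejected: $PAYLOAD"; fi
```

With sudo in the picture the difference is the whole vulnerability: the second command in the vulnerable form runs with the privileges of whoever invoked the tool, which for sssctl is root.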
Affected Packages:
sssd
Issue Correction:
Run yum update sssd to update your system. Afterwards confirm that the installed sssd packages, in particular sssd-tools (which ships the sssctl command), are at 1.16.4-21.26.amzn1 or later.
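A check that the update actually landed, as an added example and not part of the advisory: it compares the installed VERSION-RELEASE of the sssd and sssd-tools packages against the fixed build listed below, version first and then release, with the .amzn1 dist tag stripped. The rpm query is real; on a host without rpm or without these packages the script falls back to constructed sample values so it still runs. It assumes purely numeric version and release fields, which holds for the builds on this page.

```shell
#!/bin/sh
# Added example, not part of the advisory: verify that sssd is at or above the fixed build.
SSSD_FIXED='1.16.4-21.26.amzn1'   # fixed build from the "New Packages" list

# Compare two dot-separated numeric strings field by field; missing fields count as 0.
# Returns 0 if equal, 1 if $1 is newer, 2 if $1 is older.
numcmp() {
    a=$(printf '%s' "$1" | tr '.' ' ')
    b=$(printf '%s' "$2" | tr '.' ' ')
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%% *}; y=${b%% *}
        case "$a" in *' '*) a=${a#* } ;; *) a= ;; esac
        case "$b" in *' '*) b=${b#* } ;; *) b= ;; esac
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        [ "${x:-0}" -lt "${y:-0}" ] && return 2
    done
    return 0
}

# Compare two "VERSION-RELEASE.amznN" strings: version decides first, then release.
# Returns 0 if equal, 1 if $1 is newer, 2 if $1 is older.
nvr_cmp() {
    v1=${1%%-*}; r1=${1#*-}; r1=${r1%.amzn*}
    v2=${2%%-*}; r2=${2#*-}; r2=${r2%.amzn*}
    numcmp "$v1" "$v2" && rc=0 || rc=$?
    [ "$rc" -ne 0 ] && return "$rc"
    numcmp "$r1" "$r2"
}

# 0 if the given VERSION-RELEASE is at or above the fixed build, 1 if it is older.
sssd_is_fixed() {
    nvr_cmp "$1" "$SSSD_FIXED" && rc=0 || rc=$?
    [ "$rc" -ne 2 ]
}

# Emit "<package> <VERSION-RELEASE>" for each installed package of interest (one line per
# installed arch). Without rpm or without the packages, emit constructed samples instead.
installed_builds() {
    found=0
    for pkg in sssd sssd-tools; do
        if command -v rpm >/dev/null 2>&1 && rpm -q "$pkg" >/dev/null 2>&1; then
            rpm -q --qf "$pkg %{VERSION}-%{RELEASE}\n" "$pkg"
            found=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        # constructed samples: one unpatched build, one patched build
        printf '%s\n' 'sssd 1.16.4-21.25.amzn1' 'sssd-tools 1.16.4-21.26.amzn1'
    fi
}

installed_builds | while read -r pkg nvr; do
    if sssd_is_fixed "$nvr"; then
        echo "$pkg $nvr: at or above $SSSD_FIXED, CVE-2021-3621 fixed"
    else
        echo "$pkg $nvr: older than $SSSD_FIXED, run: yum update sssd"
    fi
done
```

Checking sssd-tools separately matters because that package, not sssd itself, contains sssctl; a host with both i686 and x86_64 builds installed gets one line per arch.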
New Packages:
i686:
sssd-libwbclient-devel-1.16.4-21.26.amzn1.i686
sssd-proxy-1.16.4-21.26.amzn1.i686
libsss_certmap-devel-1.16.4-21.26.amzn1.i686
libsss_certmap-1.16.4-21.26.amzn1.i686
sssd-winbind-idmap-1.16.4-21.26.amzn1.i686
sssd-ad-1.16.4-21.26.amzn1.i686
libsss_nss_idmap-devel-1.16.4-21.26.amzn1.i686
libsss_nss_idmap-1.16.4-21.26.amzn1.i686
sssd-dbus-1.16.4-21.26.amzn1.i686
sssd-krb5-common-1.16.4-21.26.amzn1.i686
libsss_sudo-1.16.4-21.26.amzn1.i686
libipa_hbac-devel-1.16.4-21.26.amzn1.i686
sssd-libwbclient-1.16.4-21.26.amzn1.i686
python27-libsss_nss_idmap-1.16.4-21.26.amzn1.i686
sssd-1.16.4-21.26.amzn1.i686
python27-sss-1.16.4-21.26.amzn1.i686
libsss_simpleifp-1.16.4-21.26.amzn1.i686
sssd-tools-1.16.4-21.26.amzn1.i686
libsss_autofs-1.16.4-21.26.amzn1.i686
python27-libipa_hbac-1.16.4-21.26.amzn1.i686
python27-sss-murmur-1.16.4-21.26.amzn1.i686
libsss_idmap-devel-1.16.4-21.26.amzn1.i686
libsss_simpleifp-devel-1.16.4-21.26.amzn1.i686
sssd-common-1.16.4-21.26.amzn1.i686
sssd-ipa-1.16.4-21.26.amzn1.i686
libsss_idmap-1.16.4-21.26.amzn1.i686
sssd-debuginfo-1.16.4-21.26.amzn1.i686
sssd-ldap-1.16.4-21.26.amzn1.i686
sssd-common-pac-1.16.4-21.26.amzn1.i686
libipa_hbac-1.16.4-21.26.amzn1.i686
sssd-client-1.16.4-21.26.amzn1.i686
sssd-krb5-1.16.4-21.26.amzn1.i686
noarch:
python27-sssdconfig-1.16.4-21.26.amzn1.noarch
src:
sssd-1.16.4-21.26.amzn1.src
x86_64:
python27-libsss_nss_idmap-1.16.4-21.26.amzn1.x86_64
libsss_simpleifp-1.16.4-21.26.amzn1.x86_64
sssd-libwbclient-devel-1.16.4-21.26.amzn1.x86_64
libsss_certmap-1.16.4-21.26.amzn1.x86_64
sssd-common-pac-1.16.4-21.26.amzn1.x86_64
libsss_simpleifp-devel-1.16.4-21.26.amzn1.x86_64
sssd-client-1.16.4-21.26.amzn1.x86_64
python27-sss-1.16.4-21.26.amzn1.x86_64
sssd-krb5-1.16.4-21.26.amzn1.x86_64
sssd-1.16.4-21.26.amzn1.x86_64
libsss_idmap-devel-1.16.4-21.26.amzn1.x86_64
libipa_hbac-1.16.4-21.26.amzn1.x86_64
sssd-libwbclient-1.16.4-21.26.amzn1.x86_64
sssd-tools-1.16.4-21.26.amzn1.x86_64
sssd-krb5-common-1.16.4-21.26.amzn1.x86_64
libsss_autofs-1.16.4-21.26.amzn1.x86_64
libsss_idmap-1.16.4-21.26.amzn1.x86_64
sssd-winbind-idmap-1.16.4-21.26.amzn1.x86_64
libsss_nss_idmap-1.16.4-21.26.amzn1.x86_64
libsss_certmap-devel-1.16.4-21.26.amzn1.x86_64
sssd-ad-1.16.4-21.26.amzn1.x86_64
sssd-ipa-1.16.4-21.26.amzn1.x86_64
python27-sss-murmur-1.16.4-21.26.amzn1.x86_64
libsss_nss_idmap-devel-1.16.4-21.26.amzn1.x86_64
sssd-common-1.16.4-21.26.amzn1.x86_64
sssd-debuginfo-1.16.4-21.26.amzn1.x86_64
sssd-dbus-1.16.4-21.26.amzn1.x86_64
libipa_hbac-devel-1.16.4-21.26.amzn1.x86_64
sssd-proxy-1.16.4-21.26.amzn1.x86_64
python27-libipa_hbac-1.16.4-21.26.amzn1.x86_64
sssd-ldap-1.16.4-21.26.amzn1.x86_64
libsss_sudo-1.16.4-21.26.amzn1.x86_64
Red Hat: CVE-2021-3621
Mitre: CVE-2021-3621