AmazonALAS2-2019-1343Medium: sssd
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.6 Medium
AI Score
Confidence
High
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
46.8%
Issue Overview:
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.(CVE-2018-16838)
A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return ‘/’ (the root directory) instead of ‘’ (the empty string / no home directory). This could impact services that restrict the user’s filesystem access to within their home directory through chroot().(CVE-2019-3811)
Affected Packages:
sssd
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update sssd to update your system.
New Packages:
aarch64:
sssd-1.16.4-21.amzn2.aarch64
sssd-common-1.16.4-21.amzn2.aarch64
sssd-client-1.16.4-21.amzn2.aarch64
libsss_sudo-1.16.4-21.amzn2.aarch64
libsss_autofs-1.16.4-21.amzn2.aarch64
sssd-tools-1.16.4-21.amzn2.aarch64
python-sss-1.16.4-21.amzn2.aarch64
python-sss-murmur-1.16.4-21.amzn2.aarch64
sssd-ldap-1.16.4-21.amzn2.aarch64
sssd-krb5-common-1.16.4-21.amzn2.aarch64
sssd-krb5-1.16.4-21.amzn2.aarch64
sssd-common-pac-1.16.4-21.amzn2.aarch64
sssd-ipa-1.16.4-21.amzn2.aarch64
sssd-ad-1.16.4-21.amzn2.aarch64
sssd-proxy-1.16.4-21.amzn2.aarch64
libsss_idmap-1.16.4-21.amzn2.aarch64
libsss_idmap-devel-1.16.4-21.amzn2.aarch64
libipa_hbac-1.16.4-21.amzn2.aarch64
libipa_hbac-devel-1.16.4-21.amzn2.aarch64
python-libipa_hbac-1.16.4-21.amzn2.aarch64
libsss_nss_idmap-1.16.4-21.amzn2.aarch64
libsss_nss_idmap-devel-1.16.4-21.amzn2.aarch64
python-libsss_nss_idmap-1.16.4-21.amzn2.aarch64
sssd-dbus-1.16.4-21.amzn2.aarch64
sssd-polkit-rules-1.16.4-21.amzn2.aarch64
libsss_simpleifp-1.16.4-21.amzn2.aarch64
libsss_simpleifp-devel-1.16.4-21.amzn2.aarch64
sssd-libwbclient-1.16.4-21.amzn2.aarch64
sssd-libwbclient-devel-1.16.4-21.amzn2.aarch64
sssd-winbind-idmap-1.16.4-21.amzn2.aarch64
libsss_certmap-1.16.4-21.amzn2.aarch64
libsss_certmap-devel-1.16.4-21.amzn2.aarch64
sssd-kcm-1.16.4-21.amzn2.aarch64
sssd-debuginfo-1.16.4-21.amzn2.aarch64
i686:
sssd-1.16.4-21.amzn2.i686
sssd-common-1.16.4-21.amzn2.i686
sssd-client-1.16.4-21.amzn2.i686
libsss_sudo-1.16.4-21.amzn2.i686
libsss_autofs-1.16.4-21.amzn2.i686
sssd-tools-1.16.4-21.amzn2.i686
python-sss-1.16.4-21.amzn2.i686
python-sss-murmur-1.16.4-21.amzn2.i686
sssd-ldap-1.16.4-21.amzn2.i686
sssd-krb5-common-1.16.4-21.amzn2.i686
sssd-krb5-1.16.4-21.amzn2.i686
sssd-common-pac-1.16.4-21.amzn2.i686
sssd-ipa-1.16.4-21.amzn2.i686
sssd-ad-1.16.4-21.amzn2.i686
sssd-proxy-1.16.4-21.amzn2.i686
libsss_idmap-1.16.4-21.amzn2.i686
libsss_idmap-devel-1.16.4-21.amzn2.i686
libipa_hbac-1.16.4-21.amzn2.i686
libipa_hbac-devel-1.16.4-21.amzn2.i686
python-libipa_hbac-1.16.4-21.amzn2.i686
libsss_nss_idmap-1.16.4-21.amzn2.i686
libsss_nss_idmap-devel-1.16.4-21.amzn2.i686
python-libsss_nss_idmap-1.16.4-21.amzn2.i686
sssd-dbus-1.16.4-21.amzn2.i686
sssd-polkit-rules-1.16.4-21.amzn2.i686
libsss_simpleifp-1.16.4-21.amzn2.i686
libsss_simpleifp-devel-1.16.4-21.amzn2.i686
sssd-libwbclient-1.16.4-21.amzn2.i686
sssd-libwbclient-devel-1.16.4-21.amzn2.i686
sssd-winbind-idmap-1.16.4-21.amzn2.i686
libsss_certmap-1.16.4-21.amzn2.i686
libsss_certmap-devel-1.16.4-21.amzn2.i686
sssd-kcm-1.16.4-21.amzn2.i686
sssd-debuginfo-1.16.4-21.amzn2.i686
noarch:
python-sssdconfig-1.16.4-21.amzn2.noarch
src:
sssd-1.16.4-21.amzn2.src
x86_64:
sssd-1.16.4-21.amzn2.x86_64
sssd-common-1.16.4-21.amzn2.x86_64
sssd-client-1.16.4-21.amzn2.x86_64
libsss_sudo-1.16.4-21.amzn2.x86_64
libsss_autofs-1.16.4-21.amzn2.x86_64
sssd-tools-1.16.4-21.amzn2.x86_64
python-sss-1.16.4-21.amzn2.x86_64
python-sss-murmur-1.16.4-21.amzn2.x86_64
sssd-ldap-1.16.4-21.amzn2.x86_64
sssd-krb5-common-1.16.4-21.amzn2.x86_64
sssd-krb5-1.16.4-21.amzn2.x86_64
sssd-common-pac-1.16.4-21.amzn2.x86_64
sssd-ipa-1.16.4-21.amzn2.x86_64
sssd-ad-1.16.4-21.amzn2.x86_64
sssd-proxy-1.16.4-21.amzn2.x86_64
libsss_idmap-1.16.4-21.amzn2.x86_64
libsss_idmap-devel-1.16.4-21.amzn2.x86_64
libipa_hbac-1.16.4-21.amzn2.x86_64
libipa_hbac-devel-1.16.4-21.amzn2.x86_64
python-libipa_hbac-1.16.4-21.amzn2.x86_64
libsss_nss_idmap-1.16.4-21.amzn2.x86_64
libsss_nss_idmap-devel-1.16.4-21.amzn2.x86_64
python-libsss_nss_idmap-1.16.4-21.amzn2.x86_64
sssd-dbus-1.16.4-21.amzn2.x86_64
sssd-polkit-rules-1.16.4-21.amzn2.x86_64
libsss_simpleifp-1.16.4-21.amzn2.x86_64
libsss_simpleifp-devel-1.16.4-21.amzn2.x86_64
sssd-libwbclient-1.16.4-21.amzn2.x86_64
sssd-libwbclient-devel-1.16.4-21.amzn2.x86_64
sssd-winbind-idmap-1.16.4-21.amzn2.x86_64
libsss_certmap-1.16.4-21.amzn2.x86_64
libsss_certmap-devel-1.16.4-21.amzn2.x86_64
sssd-kcm-1.16.4-21.amzn2.x86_64
sssd-debuginfo-1.16.4-21.amzn2.x86_64
Additional References
Red Hat: CVE-2018-16838, CVE-2019-3811
Mitre: CVE-2018-16838, CVE-2019-3811
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | sssd | < 1.16.4-21.amzn2 | sssd-1.16.4-21.amzn2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | sssd-common | < 1.16.4-21.amzn2 | sssd-common-1.16.4-21.amzn2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | sssd-client | < 1.16.4-21.amzn2 | sssd-client-1.16.4-21.amzn2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | libsss_sudo | < 1.16.4-21.amzn2 | libsss_sudo-1.16.4-21.amzn2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | libsss_autofs | < 1.16.4-21.amzn2 | libsss_autofs-1.16.4-21.amzn2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | sssd-tools | < 1.16.4-21.amzn2 | sssd-tools-1.16.4-21.amzn2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | python-sss | < 1.16.4-21.amzn2 | python-sss-1.16.4-21.amzn2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | python-sss-murmur | < 1.16.4-21.amzn2 | python-sss-murmur-1.16.4-21.amzn2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | sssd-ldap | < 1.16.4-21.amzn2 | sssd-ldap-1.16.4-21.amzn2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | sssd-krb5-common | < 1.16.4-21.amzn2 | sssd-krb5-common-1.16.4-21.amzn2.aarch64.rpm |
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.6 Medium
AI Score
Confidence
High
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
46.8%