Updated sssd packages fix security vulnerability

🗓️ 23 Aug 2018 23:35:07Reported by Gentoo FoundationType

Updated sssd packages fix security vulnerability: The UNIX socket that is used for communication between the sudo utility and the sssd-sudo responder had its permissions set to world-readable and writable, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user (CVE-2018-10852

Reporter	Title	Published	Views	Family All 75
Tenable Nessus	Amazon Linux 2 : sssd (ALAS-2018-1127)	20 Dec 201800:00	–	nessus
Tenable Nessus	Amazon Linux AMI : sssd (ALAS-2018-1127)	25 Jan 201900:00	–	nessus
Tenable Nessus	CentOS 7 : sssd (CESA-2018:3158)	16 Nov 201800:00	–	nessus
Tenable Nessus	Debian DLA-1429-1 : sssd security update	17 Jul 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP3 : sssd (EulerOS-SA-2018-1403)	10 Dec 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : sssd (EulerOS-SA-2018-1429)	28 Dec 201800:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.5.4 : sssd (EulerOS-SA-2019-1193)	9 Apr 201900:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.1.0 : sssd (EulerOS-SA-2019-1411)	14 May 201900:00	–	nessus
Tenable Nessus	MiracleLinux 7 : sssd-1.16.2-13.el7 (AXSA:2019-3678:01)	16 Jan 202600:00	–	nessus
Tenable Nessus	NewStart CGSL CORE 5.04 / MAIN 5.04 : sssd Vulnerability (NS-SA-2019-0067)	12 Aug 201900:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Mageia	6	any	sssd	1.13.4-9.2	sssd-1.13.4-9.2.noarch.rpm

Source	Link
bugs	www.bugs.mageia.org/show_bug.cgi
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/XUCDLKDVH7HZKPSJ7GEJAVNZS5CW35EK/
lists	www.lists.opensuse.org/opensuse-updates/2018-08/msg00071.html

23 Aug 2018 23:35Current

1.9Low risk

Vulners AI Score1.9

CVSS 25

CVSS 33.8 - 7.5

EPSS0.01519