41 matches found
MiracleLinux 7 : sssd-1.16.2-13.el7 (AXSA:2019-3678:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3678:01 advisory. sssd: information leak from the sssd-sudo responder CVE-2018-10852 Tenable has extracted the preceding description block directly from the MiracleLinux...
Linux Distros Unpatched Vulnerability : CVE-2018-10852
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a messa...
RHEL 6 : sssd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sssd: information leak from the sssd-sudo responder CVE-2018-10852 - sssd versions from 1.13.0 to before...
Mageia: Security Advisory (MGASA-2018-0350)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-5067-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5067-1: SSSD vulnerabilities
Jakub Hrozek discovered that SSSD incorrectly handled file permissions. A local attacker could possibly use this issue to read the sudo rules available for any user. This issue only affected Ubuntu 18.04 LTS. CVE-2018-10852 It was discovered that SSSD incorrectly handled Group Policy Objects. Whe...
SUSE: Security Advisory (SUSE-SU-2018:2144-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:0081-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for sssd (EulerOS-SA-2019-1193)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for sssd (EulerOS-SA-2018-1403)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL CORE 5.04 / MAIN 5.04 : sssd Vulnerability (NS-SA-2019-0067)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sssd packages installed that are affected by a vulnerability: - The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a...
EulerOS Virtualization for ARM 64 3.0.1.0 : sssd (EulerOS-SA-2019-1411)
According to the versions of the sssd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of...
EulerOS Virtualization 2.5.4 : sssd (EulerOS-SA-2019-1193)
According to the version of the sssd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions...
openSUSE Security Update : sssd (openSUSE-2019-574)
This update for sssd fixes the following security issue : - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users bsc1098377. This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenabl...
SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2019:0556-1)
This update for sssd fixes the following issues : Security vulnerabilities addressed : Fix fallbackhomedir returning '/' for empty home directories CVE-2019-3811 bsc1121759 Create sockets with right permissions bsc1098377, CVE-2018-10852 Other bug fixes and changes: Install logrotate configuratio...
Amazon Linux AMI : sssd (ALAS-2018-1127)
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. CVE-2018-10852 C Tenable Network...
Low: sssd
Issue Overview: The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. CVE-2018-10852...
openSUSE: Security Advisory for sssd (openSUSE-SU-2019:0051-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2019:0081-1)
This update for sssd provides the following fixes : This security issue was fixed : CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users bsc1098377 The update package also includes non-security fixes. See advisory for...
SUSE-SU-2019:0081-1 Security update for sssd
This update for sssd provides the following fixes: This security issue was fixed: - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users bsc1098377 These non-security issues were fixed: - Fix a segmentation fault in ssscac...