MISP 命令注入漏洞

MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A command injection vulnerability exists in MISP, which originates in the product...

Debian DLA-2758-1 : sssd - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2758 advisory. - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire subcommands. This flaw allows an attacke...

CentOS 8 : sssd (CESA-2021:3151)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:3151 advisory. - sssd: shell command injection in sssctl CVE-2021-3621 Note that Nessus has not tested for this issue but has instead relied only on the application's...

FlatCore CMS 2.0.7 Remote Code Execution

Exploit Title: FlatCore CMS 2.0.7 - Remote Code Execution RCE Authenticated Date: 04/10/2021 Exploit Author: Mason Soroka-Gill @sgizoid Vendor Homepage: https://flatcore.org/ Software Link: https://github.com/flatCore/flatCore-CMS/archive/refs/tags/v2.0.7.tar.gz Version: 2.0.7 Tested on: Ubuntu...

SUSE: Security Advisory (SUSE-SU-2021:2941-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 Security Update : sssd (SUSE-SU-2021:2941-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2941-1 advisory. - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire subcommands...

openSUSE: Security Advisory for sssd (openSUSE-SU-2021:2941-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2021:2941-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands bsc1189492. - Add LDAPS support for the AD provider bsc1183735. - Improve logs to record the reason why internal watchdog terminates a process...

Security update for sssd (important)

openSUSE Security Update: Security update for sssd Announcement ID: openSUSE-SU-2021:2941-1 Rating: important References: 1183735 1187120 1189492 Cross-References: CVE-2021-3621 CVSS scores: CVE-2021-3621 SUSE: 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3...

Oracle Linux 7 : sssd (ELSA-2021-3336)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-3336 advisory. 1.16.5-10.0.1 - Revert Redhat's change of disallowing duplicated incomplete gid when 'idprovider=ldap' is used, which caused regression in AD environment. Orabu...

libipa_hbac, libsss_autofs, libsss_certmap, libsss_idmap, libsss_nss_idmap, libsss_simpleifp, libsss_sudo, python, sssd security update

CentOS Errata and Security Advisory CESA-2021:3336 An update for sssd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

RHEL 7 : sssd (RHSA-2021:3336)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3336 advisory. The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It...

RHEL 8 : sssd (RHSA-2021:3365)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3365 advisory. The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It...

Scientific Linux Security Update : sssd on SL7.x i686/x86_64 (2021:3336)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:3336-1 advisory. - sssd: shell command injection in sssctl CVE-2021-3621 Note that Nessus has not tested for this issue but has instead relied only on the application's...

Important: Red Hat Security Advisory: sssd security and bug fix update

An update for sssd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

sssd: shell command injection in sssctl

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...

SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2021:2873-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2873-1 advisory. - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire...

SUSE: Security Advisory (SUSE-SU-2021:2873-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2021:2873-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands bsc1189492...

sssd: shell command injection in sssctl

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...