78 matches found
SUSE CVE-2010-4341
The pamparseindatav2 function in src/responder/pam/pamsrvcmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service infinite loop, crash, and login prevention via a crafted packet...
SUSE CVE-2011-1758
The krb5saveccnamedone function in providers/krb5/krb5auth.c in System Security Services Daemon SSSD 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by...
SUSE CVE-2013-0219
System Security Services Daemon SSSD before 1.9.4, when 1 creating, 2 copying, or 3 removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files...
sssd: shell command injection in sssctl
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...
UBUNTU-CVE-2012-3462
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context...
SSSD Information Disclosure Vulnerability (CNVD-2019-02525)
SSSD is a daemon for managing access to remote directories and authentication mechanisms. An information disclosure vulnerability exists in versions of SSSD prior to 2.1, which can be exploited by an attacker to disclose information...
UBUNTU-CVE-2019-3811
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' the root directory instead of '' the empty string / no home directory. This could impact services that restrict the user's filesystem access to within their home directory through chroot...
UBUNTU-CVE-2018-16883
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "alloweduids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers...
sssd: information leak from the sssd-sudo responder
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user...
DEBIAN-CVE-2017-12173
It was found that sssd's sysdbsearchuserbyupnres function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this fla...
DEBIAN-CVE-2018-10852
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD befor...
sssd: unsanitized input when searching in local cache database
It was found that sssd's sysdbsearchuserbyupnres function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve ...
sssd: memory leak in the sssd_pac_plugin
It was found that SSSD's Privilege Attribute Certificate PAC responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon...
sssd: incorrect expansion of group membership when encountering a non-POSIX group
The System Security Services Daemon SSSD 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors...
UBUNTU-CVE-2014-0249
The System Security Services Daemon SSSD 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors...
PT-2015-6836 · Red Hat +2 · Sssd +3
Name of the Vulnerable Software and Affected Versions: System Security Services Daemon SSSD versions 1.10 through 1.13.0 Description: The issue is related to a memory leak in the Privilege Attribute Certificate PAC responder plugin, which can be triggered by remote authenticated users through a...
UBUNTU-CVE-2013-0287
The Simple Access Provider in System Security Services Daemon SSSD 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simpledenygroups option, which allows remote authenticated users to bypass intended access restrictions...
DEBIAN-CVE-2013-0220
The 1 sssautofscmdgetautomntent and 2 sssautofscmdgetautomntbyname function in responder/autofs/autofssrvcmd.c and the 3 sshcmdparserequest function in responder/ssh/sshsrvcmd.c in System Security Services Daemon SSSD before 1.9.4 allow remote attackers to cause a denial of service out-of-bounds...