RHEL 6 : sssd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sssd: shell command injection in sssctl CVE-2021-3621 - The UNIX pipe which sudo uses to contact SSSD and...

SUSE CVE-2018-16883

sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "alloweduids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers...

UBUNTU-CVE-2018-16883

sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "alloweduids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers...

CVE-2018-16883

sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "alloweduids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers...

Design/Logic Flaw

sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "alloweduids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers...

CVE-2018-16883

sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "alloweduids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers...