Lucene search
K

50 matches found

Tenable Nessus
Tenable Nessus
added 2023/04/13 12:0 a.m.15 views

EulerOS 2.0 SP8 : sssd (EulerOS-SA-2023-1610)

According to the versions of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - sssd: libssscertmap fails to sanitise certificate data used in LDAP filters CVE-2022-4254 Note that Tenable Network Security has extracted the...

8.8CVSS6.7AI score0.0095EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/04/13 12:0 a.m.23 views

Huawei EulerOS: Security Advisory for sssd (EulerOS-SA-2023-1610)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.0095EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/03/22 12:0 a.m.57 views

Amazon Linux 2 : sssd (ALAS-2023-1995)

The version of sssd installed on the remote host is prior to 1.16.5-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1995 advisory. A vulnerability was found in SSSD, in the libssscertmap functionality. PKINIT enables a client to authenticate to the KDC using an...

8.8CVSS6.6AI score0.0095EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/02/08 12:0 a.m.34 views

SUSE SLES12: libipa_hbac-devel / libipa_hbac0 / libsss_certmap0 / etc (SUSE-SU-2023:0301-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0301-1 advisory. - CVE-2022-4254: Fixed a bug in libssscertmap which could allow an attacker to gain control of the admin account and perform a full domain...

8.8CVSS6.8AI score0.0095EPSS
Exploits1References5
OSV
OSV
added 2023/02/01 5:15 p.m.26 views

CVE-2022-4254

sssd: libssscertmap fails to sanitise certificate data used in LDAP filters...

8.8CVSS8.5AI score0.0095EPSS
Exploits1References5
Prion
Prion
added 2023/02/01 5:15 p.m.21 views

Design/Logic Flaw

sssd: libssscertmap fails to sanitise certificate data used in LDAP filters...

6.5CVSS8.3AI score0.0095EPSS
Exploits1References5Affected Software13
OSV
OSV
added 2023/02/01 5:15 p.m.1 views

UBUNTU-CVE-2022-4254

sssd: libssscertmap fails to sanitise certificate data used in LDAP filters...

8.8CVSS6.8AI score0.0095EPSS
Exploits1References4
CVE
CVE
added 2023/02/01 12:0 a.m.368 views

CVE-2022-4254

CVE-2022-4254 concerns sssd’s libsss_certmap, where certificate data used in LDAP filters is not sanitized, enabling LDAP filter injection. Public disclosures and advisories (e.g., Debian DLA 3436-1/3436-2, ALAS2-2023-1995, ALAS-2023-1723) indicate the issue can lead to privilege escalation or ad...

8.8CVSS8.4AI score0.0095EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/02/01 12:0 a.m.5 views

The vulnerability of the libsss_certmap package from the access control service for remote directories and the sssd authentication mechanism allows a perpetrator to increase their privileges.

The vulnerability of the libssscertmap package, a service for managing access to remote directories and an authentication mechanism for sssd, is related to the inability to clear certificate data when using LDAP filtering. Exploiting this vulnerability could allow a malicious actor to increase...

10CVSS6.6AI score0.0095EPSS
Exploits1References10Affected Software10
Debian CVE
Debian CVE
added 2023/02/01 12:0 a.m.39 views

CVE-2022-4254

sssd: libssscertmap fails to sanitise certificate data used in LDAP filters...

8.8CVSS7AI score0.0095EPSS
Exploits1
Cent OS
Cent OS
added 2023/01/30 4:43 p.m.975 views

libipa_hbac, libsss_autofs, libsss_certmap, libsss_idmap, libsss_nss_idmap, libsss_simpleifp, libsss_sudo, python, sssd security update

CentOS Errata and Security Advisory CESA-2023:0403 An update for sssd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.8CVSS6.8AI score0.0095EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2023/01/28 12:0 a.m.34 views

SUSE SLES12: libipa_hbac0 / libsss_certmap0 / libsss_idmap-devel / libsss_idmap0 / etc (SUSE-SU-2023:0200-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0200-1 advisory. - CVE-2022-4254: Fixed a bug in libssscertmap which could allow an attacker to gain control of the admin account and perform a full domain...

8.8CVSS6.8AI score0.0095EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/01/28 12:0 a.m.32 views

SUSE SLES15: libipa_hbac-devel / libipa_hbac0 / libsss_certmap-devel / etc (SUSE-SU-2023:0204-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0204-1 advisory. - CVE-2022-4254: Fixed a bug in libssscertmap which could allow an attacker to gain control of the admin account and perform a full domain...

8.8CVSS6.8AI score0.0095EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2023/01/24 3:14 p.m.5 views

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

A vulnerability was found in SSSD, in the libssscertmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT...

8.8CVSS7.2AI score0.0095EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2023/01/24 8:49 a.m.37 views

Important: Red Hat Security Advisory: sssd security update

An update for sssd is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security...

8.8CVSS6.8AI score0.0095EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2023/01/24 8:5 a.m.58 views

CVE-2022-4254

A vulnerability was found in SSSD, in the libssscertmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT...

8.8CVSS8.8AI score0.0095EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/01/24 12:0 a.m.32 views

RHEL 8 : sssd (RHSA-2023:0397)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0397 advisory. The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It...

8.8CVSS6.8AI score0.0095EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/01/24 12:0 a.m.20 views

Oracle Linux 7 : sssd (ELSA-2023-0403)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-0403 advisory. 1.16.5-10.0.3 - Revert Redhat's change of disallowing duplicated incomplete gid when 'idprovider=ldap' is used, which caused regression in AD environment. Orabu...

8.8CVSS6.7AI score0.0095EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/01/24 12:0 a.m.66 views

RHEL 7 : sssd (RHSA-2023:0403)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0403 advisory. The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It...

8.8CVSS6.8AI score0.0095EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.12 views

Mageia: Security Advisory (MGASA-2019-0395)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.8AI score0.01122EPSS
Exploits0References4
Rows per page
Query Builder