
732 matches found

Amazon
added 2021/10/05 12:0 a.m. | 30 views

Important: sssd

Issue Overview: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access...

9.3 CVSS | 7.2 AI score | 0.02524 EPSS
Exploits 0

Tenable Nessus
added 2021/10/04 12:0 a.m. | 18 views

Amazon Linux AMI : sssd (ALAS-2021-1542)

The version of sssd installed on the remote host is prior to 1.16.4-21.26. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1542 advisory. A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire...

9.3 CVSS | 6.7 AI score | 0.02524 EPSS
Exploits 0 | References 3

OSV
added 2021/09/22 11:43 a.m. | 4 views

SUSE-RU-2021:3185-1 Recommended update for sssd

This update for sssd fixes the following issues: - Fix a dependency loop by moving internal libraries to sssd-common package. bsc1182058 - Moved sssctl command from sssd to sssd-tools package. bsc1184289 - Create timestamp attribute in cache objects if missing. bsc1182637 - Fix watchdog not...

9.3 CVSS | 8.9 AI score | 0.02524 EPSS
Exploits 0 | References 8

Tenable Nessus
added 2021/09/16 12:0 a.m. | 39 views

Debian DLA-2758-1 : sssd - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2758 advisory. - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacke...

9.3 CVSS | 6.6 AI score | 0.02524 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2021/09/08 12:0 a.m. | 73 views

CentOS 8 : sssd (CESA-2021:3151)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:3151 advisory. - sssd: shell command injection in sssctl CVE-2021-3621 Note that Nessus has not tested for this issue but has instead relied only on the application's...

9.3 CVSS | 6.7 AI score | 0.02524 EPSS
Exploits 0 | References 2

OpenVAS
added 2021/09/05 12:0 a.m. | 8 views

SUSE: Security Advisory (SUSE-SU-2021:2941-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS | 8.8 AI score | 0.02524 EPSS
Exploits 0 | References 2

OpenVAS
added 2021/09/04 12:0 a.m. | 14 views

openSUSE: Security Advisory for sssd (openSUSE-SU-2021:2941-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS | 9 AI score | 0.02524 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2021/09/04 12:0 a.m. | 15 views

SUSE SLED15 / SLES15 Security Update : sssd (SUSE-SU-2021:2941-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2941-1 advisory. - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands...

9.3 CVSS | 6.6 AI score | 0.02524 EPSS
Exploits 0 | References 6

OSV
added 2021/09/03 7:23 a.m. | 1 views

OPENSUSE-SU-2021:2941-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands bsc1189492. - Add LDAPS support for the AD provider bsc1183735. - Improve logs to record the reason why internal watchdog terminates a process...

9.3 CVSS | 9 AI score | 0.02524 EPSS
Exploits 0 | References 5

OPENSUSE Linux
added 2021/09/03 12:0 a.m. | 47 views

Security update for sssd (important)

openSUSE Security Update: Security update for sssd Announcement ID: openSUSE-SU-2021:2941-1 Rating: important References: 1183735 1187120 1189492 Cross-References: CVE-2021-3621 CVSS scores: CVE-2021-3621 SUSE: 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3...

6.7 CVSS | 7.5 AI score | 0.02524 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2021/09/02 12:0 a.m. | 26 views

Oracle Linux 7 : sssd (ELSA-2021-3336)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-3336 advisory. 1.16.5-10.0.1 - Revert Redhat's change of disallowing duplicated incomplete gid when 'idprovider=ldap' is used, which caused regression in AD environment. Orabu...

9.3 CVSS | 6.7 AI score | 0.02524 EPSS
Exploits 0 | References 2

Cent OS
added 2021/09/01 1:6 p.m. | 1333 views

libipa_hbac, libsss_autofs, libsss_certmap, libsss_idmap, libsss_nss_idmap, libsss_simpleifp, libsss_sudo, python, sssd security update

CentOS Errata and Security Advisory CESA-2021:3336 An update for sssd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.3 CVSS | 6.7 AI score | 0.02524 EPSS
Exploits 0 | References 7

Tenable Nessus
added 2021/09/01 12:0 a.m. | 20 views

RHEL 8 : sssd (RHSA-2021:3365)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3365 advisory. The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It...

9.3 CVSS | 6.8 AI score | 0.02524 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2021/09/01 12:0 a.m. | 30 views

RHEL 7 : sssd (RHSA-2021:3336)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3336 advisory. The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It...

9.3 CVSS | 6.8 AI score | 0.02524 EPSS
Exploits 0 | References 7

Tenable Nessus
added 2021/09/01 12:0 a.m. | 22 views

Scientific Linux Security Update : sssd on SL7.x i686/x86_64 (2021:3336)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:3336-1 advisory. - sssd: shell command injection in sssctl CVE-2021-3621 Note that Nessus has not tested for this issue but has instead relied only on the application's...

9.3 CVSS | 6.7 AI score | 0.02524 EPSS
Exploits 0 | References 2

RedHat Linux
added 2021/08/31 9:22 a.m. | 83 views

Important: Red Hat Security Advisory: sssd security and bug fix update

An update for sssd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.3 CVSS | 6.7 AI score | 0.02524 EPSS
Exploits 0 | References 5

RedHat Linux
added 2021/08/31 9:22 a.m. | 0 views

sssd: shell command injection in sssctl

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...

9.3 CVSS | 5.7 AI score | 0.02524 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2021/08/31 12:0 a.m. | 37 views

SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2021:2873-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2873-1 advisory. - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire...

9.3 CVSS | 6.6 AI score | 0.02524 EPSS
Exploits 0 | References 4

OpenVAS
added 2021/08/31 12:0 a.m. | 14 views

SUSE: Security Advisory (SUSE-SU-2021:2873-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS | 6.9 AI score | 0.02524 EPSS
Exploits 0 | References 4

OSV
added 2021/08/30 1:54 p.m. | 1 views

SUSE-SU-2021:2873-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands bsc1189492...

9.3 CVSS | 9 AI score | 0.02524 EPSS
Exploits 0 | References 3