13 matches found
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf
...
CVE-2023-3758
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. Mitigation A mitigation can be applied to the sssd.conf file that would make t...
EulerOS Virtualization 2.9.0 : sudo (EulerOS-SA-2024-1478)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in sudo in the handling of ipahostname, where ipahostname from /etc/sssd/sssd.conf was not propagated in sudo...
EulerOS Virtualization 2.9.1 : sudo (EulerOS-SA-2024-1463)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in sudo in the handling of ipahostname, where ipahostname from /etc/sssd/sssd.conf was not propagated in sudo...
EulerOS 2.0 SP9 : sudo (EulerOS-SA-2024-1187)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in sudo in the handling of ipahostname, where ipahostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads...
Improper Privilege Management
sudo is vulnerable to Improper Privilege Management. The vulnerability is caused due to a flaw in handling of ipahostname, where ipahostname from /etc/sssd/sssd.conf was not propagated in sudo. This results in client hosts retain privileges even after retracting them leading to privilege...
CVE-2023-7090
A flaw was found in sudo in the handling of ipahostname, where ipahostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them...
Medium: realmd
Issue Overview: A flaw was found in the way realmd parsed certain input when writing configuration into the sssd.conf or smb.conf file. A remote attacker could use this flaw to inject arbitrary configurations into these files via a newline character in an LDAP response. Affected Packages: realmd...
AZL-36985 CVE-2015-2704 affecting package realmd 0.17.1-1
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response...
CVE-2015-2704
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response...
Cross site scripting
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response...
CVE-2015-2704
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response...
CVE-2015-2704
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response...