Lucene search
+L
FedoraprojectSssd

19 matches found

CVE
CVE
•added 2021/12/23 12:0 a.m.•1006 views

CVE-2021-3621

SSSD is affected by CVE-2021-3621. The sssctl command (logs-fetch and cache-expire) is vulnerable to shell command injection, enabling an attacker to trick root (e.g., via sudo) into running a crafted sssctl command to gain root privileges. Advisories from Astra Linux, Debian LTS, Gentoo and Amaz...

9.3CVSS8.8AI score0.02524EPSS
CVE
CVE
•added 2018/06/26 2:0 p.m.•437 views

CVE-2018-10852

CVE-2018-10852 describes an information-leak vulnerability in the sssd-sudo responder. The UNIX pipe used by sudo to contact SSSD and read available sudo rules from SSSD has overly broad permissions, allowing a user who can communicate over the same raw protocol to read the sudo rules for any use...

7.5CVSS6AI score0.01519EPSS
CVE
CVE
•added 2023/02/01 12:0 a.m.•372 views

CVE-2022-4254

CVE-2022-4254 concerns sssd’s libsss_certmap, where certificate data used in LDAP filters is not sanitized, enabling LDAP filter injection. Public disclosures and advisories (e.g., Debian DLA 3436-1/3436-2, ALAS2-2023-1995, ALAS-2023-1723) indicate the issue can lead to privilege escalation or ad...

8.8CVSS8.4AI score0.0095EPSS
CVE
CVE
•added 2018/07/27 4:0 p.m.•369 views

CVE-2017-12173

CVE-2017-12173 affects sssd: the sysdb_search_user_by_upn_res() function did not sanitize requests when querying the local cache, with versions before 1.16.0 vulnerable to injection. In centralized login environments, if a password hash is cached for a user, an authenticated attacker could retrie...

8.8CVSS8.4AI score0.01499EPSS
CVE
CVE
•added 2019/03/25 5:41 p.m.•230 views

CVE-2018-16838

CVE-2018-16838 describes a flaw in the sssd Group Policy Objects (GPOs) handling. If the GPOs are not readable because of overly strict server-side permissions, SSSD erroneously allows all authenticated users to log in instead of denying access. The connected documents (e.g., MiracleLinux AXSA ad...

5.5CVSS5.2AI score0.01102EPSS
CVE
CVE
•added 2019/01/15 3:0 p.m.•223 views

CVE-2019-3811

CVE-2019-3811 affects sssd: if a user has no home directory, sssd returns '/' instead of '', potentially allowing access beyond the user’s home dir. Affected are all versions prior to 2.1. Public advisories (e.g., Debian LTS DLA-3436-1) indicate a patch is available in newer sssd packages; remedi...

5.2CVSS5.2AI score0.00696EPSS
CVE
CVE
•added 2024/04/18 7:6 p.m.•204 views

CVE-2023-3758

CVE-2023-3758 affects the System Security Services Daemon (SSSD). A race condition causes GPO policy to be inconsistently applied for authenticated users, leading to improper authorization (granting or denying access). Publicly referenced advisories confirm this issue across multiple distribution...

7.1CVSS5.9AI score0.01033EPSS
CVE
CVE
•added 2013/03/21 4:0 p.m.•146 views

CVE-2013-0287

CVE-2013-0287 affects System Security Services Daemon (SSSD) when using the Active Directory provider. The Simple Access Provider in SSSD 1.9.0–1.9.4 does not properly enforce the simple_deny_groups option, allowing remote authenticated users to bypass access restrictions. Connected advisories/pa...

4.9CVSS6AI score0.02154EPSS
CVE
CVE
•added 2011/01/25 12:0 a.m.•121 views

CVE-2010-4341

CVE-2010-4341 affects the PAM responder in SSSD (pam_parse_in_data_v2 in src/responder/pam/pamsrv_cmd.c) and can be exploited locally by crafting a packet to cause a denial of service (infinite loop, crash, login prevention) in SSSD 1.5.0, 1.4.x, and 1.3. Connected advisories confirm fixes for th...

2.1CVSS5.8AI score0.00486EPSS
CVE
CVE
•added 2013/02/24 7:0 p.m.•111 views

CVE-2013-0219

CVE-2013-0219 affects System Security Services Daemon (SSSD) prior to 1.9.4. A TOCTOU race in copying/removing a user’s home directory tree allows a local attacker to exploit symlinks to create, modify, or delete arbitrary files in another user’s directory. This is the explicit vulnerability desc...

3.7CVSS6.1AI score0.00366EPSS
CVE
CVE
•added 2015/10/29 4:0 p.m.•105 views

CVE-2015-5292

The CVE-2015-5292 issue affects SSSD PAC responder (sssd_pac_plugin.so) in SSSD 1.10 up to, but not including, 1.13.1. The vulnerability permits remote authenticated users to trigger a denial of service via memory consumption by issuing many logins that parse PAC blobs during Kerberos authenticat...

6.8CVSS6AI score0.03666EPSS
CVE
CVE
•added 2019/12/26 8:14 p.m.•97 views

CVE-2012-3462

SSSD 1.9.0 contains a logic flaw in its access-provider path where HBAC rule results are ignored if the access-provider also sets the user’s SELinux context. Affected component: SSSD HBAC/access-provider integration. Impact described: incorrect HBAC evaluation under scenarios where SELinux user c...

8.8CVSS8.5AI score0.01607EPSS
CVE
CVE
•added 2010/08/30 7:0 p.m.•96 views

CVE-2010-2940

CVE-2010-2940 affects System Security Services Daemon (SSSD) 1.3.0. When LDAP authentication with anonymous bind is enabled, the auth_send function in providers/ldap/ldap_auth.c allows remote attackers to bypass pam_authenticate by supplying an empty password. The vulnerability enables partial co...

5.1CVSS6.7AI score0.02023EPSS
CVE
CVE
•added 2013/02/24 7:0 p.m.•80 views

CVE-2013-0220

CVE-2013-0220 affects System Security Services Daemon (SSSD) prior to 1.9.4. The vulnerability arises in the autofs and SSH responders (functions sss_autofs_cmd_getautomntent, sss_autofs_cmd_getautomntbyname, and ssh_cmd_parse_request) that can be exploited by a crafted SSSD packet to trigger an ...

5CVSS6.3AI score0.03324EPSS
CVE
CVE
•added 2014/06/11 2:0 p.m.•78 views

CVE-2014-0249

The CVE-2014-0249 issue affects SSSD 1.11.6, where group membership is not correctly identified for non-POSIX groups in a membership chain, potentially allowing local users to bypass access restrictions. Public documents confirm the vulnerability in SSSD and show vendor-advised fixes were release...

3.3CVSS6.1AI score0.00341EPSS
CVE
CVE
•added 2010/01/14 6:0 p.m.•75 views

CVE-2010-0014

CVE-2010-0014 affects the System Security Services Daemon (SSSD) with the krb5 auth_provider when the KDC is unreachable. According to Fedora/OpenVAS disclosures, vulnerable component is SSSD (sssd) and updates were released as Fedora advisories FEDORA-2010-0413, FEDORA-2010-0451, and package sss...

3.7CVSS6.7AI score0.00686EPSS
CVE
CVE
•added 2018/12/19 2:0 p.m.•70 views

CVE-2018-16883

CVE-2018-16883 affects sssd versions 1.13.0 to before 2.0.0. The vulnerability stems from improper restriction of access to the infopipe per the allowed_uids config, potentially exposing sensitive information in the user directory to local attackers. Impact is local, with partial confidentiality ...

5.5CVSS5.1AI score0.00382EPSS
CVE
CVE
•added 2011/05/26 6:0 p.m.•58 views

CVE-2011-1758

SSSD 1.5.x is affected by CVE-2011-1758, where krb5_save_ccname_done in providers/krb5/krb5_auth.c uses a pathname string as a password when automatic TGT renewal and offline auth are configured. This allows local users to bypass Kerberos authentication by listing /tmp to obtain the pathname. Aff...

3.7CVSS6.3AI score0.00338EPSS
CVE
CVE
•added 2026/06/30 8:27 a.m.•20 views

CVE-2026-12610

The CVE-2026-12610 issue affects the SSSD project, specifically the PAM responder path used during YubiKey authentication. A use-after-free in the PAM responder can cause the sssd process to crash when handling memory pointers manipulated via smartcards or YubiKey contents, leading to a denial of...

6.4CVSS5.8AI score0.00155EPSS