Sssd@* Security Vulnerabilities and Issues — Sssd@* CVE List

Lucene search

FedoraprojectSssd*

10 matches found

CVE•added 2021/12/23 9:15 p.m.•920 views

CVE-2021-3621

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threa...

9.3CVSS8.8AI score0.00276EPSS

CVE•added 2018/06/26 2:29 p.m.•357 views

CVE-2018-10852

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before ...

7.5CVSS6AI score0.00149EPSS

CVE•added 2023/02/01 5:15 p.m.•300 views

CVE-2022-4254

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

8.8CVSS8.4AI score0.0009EPSS

CVE•added 2018/07/27 4:29 p.m.•229 views

CVE-2017-12173

It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use thi...

8.8CVSS8.4AI score0.00471EPSS

CVE•added 2019/01/15 3:29 p.m.•182 views

CVE-2019-3811

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroo...

5.2CVSS5.2AI score0.00156EPSS

CVE•added 2024/04/18 7:15 p.m.•169 views

CVE-2023-3758

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

7.1CVSS5.9AI score0.00024EPSS

CVE•added 2013/02/24 7:55 p.m.•71 views

CVE-2013-0219

System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.

3.7CVSS6.1AI score0.00064EPSS

CVE•added 2013/02/24 7:55 p.m.•62 views

CVE-2013-0220

The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of servi...

5CVSS6.3AI score0.01922EPSS

CVE•added 2018/12/19 2:29 p.m.•56 views

CVE-2018-16883

sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.

5.5CVSS5.1AI score0.00126EPSS

CVE•added 2010/01/14 6:30 p.m.•49 views

CVE-2010-0014

System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ti...

3.7CVSS6.7AI score0.00133EPSS