Search CVE reports
1 – 10 of 25 results
A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to...
1 affected package
sssd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sssd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to...
1 affected package
sssd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sssd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw...
1 affected package
sssd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sssd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a...
1 affected package
sssd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sssd | Fixed | Fixed | Not affected | Not affected | Not affected |
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled,...
1 affected package
sssd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sssd | — | Ignored | Ignored | Ignored | Ignored |
Some fixes available 8 of 10
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
1 affected package
sssd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sssd | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a...
2 affected packages
libpam-krb5, sssd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libpam-krb5 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| sssd | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 1 of 2
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
1 affected package
sssd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sssd | Not affected | Not affected | Not affected | Fixed | Vulnerable |
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.
8 affected packages
dietlibc, eglibc, glibc, sssd, syslinux...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dietlibc | — | Ignored | Ignored | Ignored | Ignored |
| eglibc | — | Not in release | Not in release | Not in release | Not in release |
| glibc | — | Ignored | Ignored | Ignored | Ignored |
| sssd | — | Ignored | Ignored | Ignored | Ignored |
| syslinux | — | Ignored | Ignored | Ignored | Ignored |
| syslinux-legacy | — | Not in release | Not in release | Ignored | Ignored |
| uclibc | — | — | — | — | — |
| zabbix | — | Not in release | Ignored | Ignored | Ignored |
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted...
1 affected package
sssd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sssd | — | — | Fixed | Fixed | Fixed |