
Debian 10: DLA-3436-1 Moderate: SSSD Privilege Escalation Threats

Debian LTS, May 29, 2023
Debian LTS Advisory DLA-3437-1 highlights several vulnerabilities in sssd that could allow for unauthorized privilege escalation, necessitating an immediate update.
Multiple vulnerabilities were found in sssd, a set of daemons that manage access to remote directories and authentication mechanisms, which could lead to privilege escalation.

Summary

It was discovered that when the Group Policy Objects (GPO) are not
readable by SSSD due to a too strict permission settings on the
server side, SSSD allows all authenticated users to login instead of
denying access.

A new boolean setting ‘ad_gpo_ignore_unreadable’ (defaulting to
False) is introduced for environments where attributes in the
groupPolicyContainer are not readable and changing the permissions
on the GPO objects is not possible or desirable. See sssd-ad(5).

CVE-2019-3811

It was discovered that if a user was configured with no home
directory set, then sssd(8) returns ‘/’ (i.e., the root directory)
instead of the empty string (meaning no home directory). This could
impact services that restrict the user's filesystem access to within
their home directory through chroot() or similar.
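Two small audit helpers for the behaviours described above, added here as an example and not part of the advisory or the sssd project: one flags non-system accounts whose home directory is "/" or empty (the CVE-2019-3811 symptom), the other reports whether a domain section in sssd.conf explicitly enables ad_gpo_ignore_unreadable. The passwd lines and the sssd.conf fragment are constructed samples; feed it the output of `getent passwd` and your real /etc/sssd/sssd.conf to audit a host.

```python
"""Audit helpers for the sssd behaviours described in this advisory (example code)."""
import configparser

# Constructed sample of `getent passwd` output; these are not real accounts.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:10001:10001:Alice (AD):/home/alice:/bin/bash
svc-backup:x:10002:10002:Backup svc:/:/bin/sh
jdoe:x:10003:10003:J Doe::/bin/bash
"""

def suspicious_home_dirs(passwd_text, min_uid=1000):
    """Return (name, home) for non-system users whose home is '/' or empty.

    An affected sssd returned '/' for users with no home directory set, so a
    service that chroot()s a user into "their home" would confine them to the
    whole filesystem. Empty homes are reported too, since they are the case
    that triggers the bug.
    """
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed line: skip rather than guess
        name, uid, home = fields[0], int(fields[2]), fields[5]
        if uid >= min_uid and home in ("", "/"):
            findings.append((name, home))
    return findings

# Constructed sssd.conf fragment; the domain name is a placeholder.
SAMPLE_SSSD_CONF = """\
[sssd]
domains = example.test
[domain/example.test]
id_provider = ad
access_provider = ad
ad_gpo_access_control = enforcing
"""

def gpo_ignore_unreadable_setting(conf_text):
    """Map each [domain/...] section to its ad_gpo_ignore_unreadable value.

    None means the option is absent, i.e. the fixed default (False) applies
    and unreadable GPOs deny access. An explicit "True" restores the
    permissive behaviour and deserves a second look.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    return {s: cp[s].get("ad_gpo_ignore_unreadable")
            for s in cp.sections() if s.startswith("domain/")}
```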

CVE-2021-3621

It was discovered that the sssctl(8) command was vulnerable to shell



Severity: medium

-------------------------------------------------------------------------
Package: sssd
Version: 1.16.3-3.2+deb10u1
CVE ID: CVE-2018-16838 CVE-2019-3811 CVE-2021-3621 CVE-2022-4254
Debian Bug: 919051 931432 992710
