
cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*

Part: a
Version: *
Update: *
Vendor: Fedoraproject (edb280c5-6017-5a8b-8553-28ce724531a7)
Product: Sssd (b7a5aa9a-3cdc-5470-8c42-ec356f4f4e7e)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL                        Source     Last updated
pkg:deb/debian/sssd         purl2cpe   2026-06-01 10:15:31.032021
pkg:deb/ubuntu/sssd         purl2cpe   2026-06-01 10:15:31.032024
pkg:github/sssd/sssd        purl2cpe   2026-06-01 10:15:31.032027
pkg:rpm/fedora/sssd         purl2cpe   2026-06-01 10:15:31.032030
pkg:rpm/opensuse/sssd       purl2cpe   2026-06-01 10:15:31.032032

Vulnerability references

Columns: Identifier | CPE applicability | Submitted | db.gcve.eu details | Rationale

CVE-2023-3758 | vulnerable | submitted 2026-06-03 14:52:41.757361
Title: Sssd: race condition during authorization leads to gpo policies functioning inconsistently
Severity: HIGH (7.1)
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
Published: 2024-04-18T19:06:44.216Z
Updated: 2025-11-06T22:57:03.881Z
Imported from gcve-enriched-dumps CVE data

CVE-2022-4254 | vulnerable | submitted 2026-06-03 14:48:35.334351
Title: sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
Published: 2023-02-01T00:00:00.000Z
Updated: 2025-03-27T14:42:34.058Z
Imported from gcve-enriched-dumps CVE data

CVE-2019-3811 | vulnerable | submitted 2026-06-03 14:40:27.569561
Severity: MEDIUM (4.1)
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
Published: 2019-01-15T15:00:00.000Z
Updated: 2025-02-13T16:27:24.771Z
Imported from gcve-enriched-dumps CVE data

CVE-2018-16883 | vulnerable | submitted 2026-06-03 14:38:21.208175
Severity: LOW (2.5)
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
Published: 2018-12-19T14:00:00.000Z
Updated: 2024-08-05T10:32:54.202Z
Imported from gcve-enriched-dumps CVE data

CVE-2018-10852 | vulnerable | submitted 2026-06-03 14:38:00.283026
Severity: LOW (3.8)
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.
Published: 2018-06-26T14:00:00.000Z
Updated: 2024-08-05T07:46:47.244Z
Imported from gcve-enriched-dumps CVE data

CVE-2017-12173 | vulnerable | submitted 2026-06-03 14:36:34.566722
Severity: MEDIUM (4.3)
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.
Published: 2018-07-27T16:00:00.000Z
Updated: 2024-08-05T18:28:16.645Z
Imported from gcve-enriched-dumps CVE data
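
CVE-2022-4254 and CVE-2017-12173 above are the same class of bug: untrusted data (certificate material in libsss_certmap; a UPN taken from the request in the sysdb cache lookup, which is queried with LDAP-style filters) was spliced into a filter expression without escaping, so the data could change the filter's structure. The block below is an added example written for this page, not SSSD's code. It implements the RFC 4515 escaping of filter assertion values (`*`, `(`, `)`, `\` and NUL become `\XX` hex escapes) and shows an unescaped filter beside the escaped one. The function names, the `uid` attribute and the sample values are constructed for illustration; the escape function takes an explicit length because certificate data is binary and may contain NUL bytes.

```c
#include <stdio.h>
#include <string.h>

/* RFC 4515 section 3: these bytes must be hex-escaped inside an assertion
 * value, otherwise attacker-controlled data can alter the filter itself. */
static int needs_escape(unsigned char c)
{
    return c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0';
}

/* Escapes in[0..inlen) into out (capacity outlen, NUL-terminated).
 * Returns the escaped length without the NUL, or -1 if out is too small. */
int ldap_filter_escape(const char *in, size_t inlen, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    if (outlen == 0) return -1;
    for (size_t i = 0; i < inlen; i++) {
        unsigned char c = (unsigned char)in[i];
        if (needs_escape(c)) {
            if (o + 3 >= outlen) return -1;          /* keep room for the NUL */
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            if (o + 1 >= outlen) return -1;
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Vulnerable pattern: the value goes straight into the filter string. */
int build_filter_unsafe(const char *attr, const char *value, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "(%s=%s)", attr, value);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Hardened pattern: escape the value first, then build the filter. */
int build_filter_safe(const char *attr, const char *value, char *out, size_t outlen)
{
    char esc[1024];
    if (ldap_filter_escape(value, strlen(value), esc, sizeof esc) < 0) return -1;
    int n = snprintf(out, outlen, "(%s=%s)", attr, esc);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    char f[256];
    const char *evil = "*)(objectClass=*";   /* constructed attacker-controlled value */
    build_filter_unsafe("uid", evil, f, sizeof f);
    printf("unsafe: %s\n", f);               /* (uid=*)(objectClass=*)  structure changed */
    build_filter_safe("uid", evil, f, sizeof f);
    printf("safe:   %s\n", f);               /* (uid=\2a\29\28objectClass=\2a)  a literal */
    return 0;
}
```

The unsafe filter ends up matching on two assertions the caller never wrote; the escaped one compares `uid` against the literal string the attacker supplied and nothing else. Escaping belongs at the point where the value enters the filter, not at input validation, because the same value may be legitimate in other contexts.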

CVE-2013-0220 | vulnerable | submitted 2026-06-03 14:32:42.085779
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname functions in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.
Published: 2013-02-24T19:00:00.000Z
Updated: 2024-08-06T14:18:09.559Z
Imported from gcve-enriched-dumps CVE data
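
CVE-2013-0220 above is an out-of-bounds read in responder request parsing triggered by a crafted packet. The block below is an added example for this page, not SSSD's code and not SSSD's wire protocol: it parses a constructed length-prefixed request format (`total_len`, `cmd`, `name_len`, `name`, `id`, all little-endian) and validates every attacker-supplied length against the bytes actually received before reading or copying, which is the check that turns a crash into a rejected message. The struct, field layout and function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example wire format (NOT SSSD's real protocol):
 *   uint32 total_len   length of the whole message including this field
 *   uint32 cmd
 *   uint32 name_len
 *   bytes  name[name_len]   no terminating NUL on the wire
 *   uint32 id
 */
struct request {
    uint32_t cmd;
    char     name[64];    /* copied out and NUL-terminated by the parser */
    uint32_t id;
};

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Returns 0 on success, -1 on any malformed input. No byte of buf is read
 * before a check proves it lies inside buf[0..len). */
int parse_request(const uint8_t *buf, size_t len, struct request *out)
{
    if (len < 12) return -1;                   /* header fields must be present */
    if (rd32(buf) != len) return -1;           /* declared length vs bytes received */
    out->cmd = rd32(buf + 4);
    uint32_t name_len = rd32(buf + 8);
    size_t off = 12;
    /* name_len is attacker-controlled: bound it by the bytes that remain,
     * never by the attacker's own total_len, and by the destination size. */
    if (name_len > len - off) return -1;
    if (name_len >= sizeof out->name) return -1;
    memcpy(out->name, buf + off, name_len);
    out->name[name_len] = '\0';
    off += name_len;
    if (len - off < 4) return -1;              /* trailing id must fit too */
    out->id = rd32(buf + off);
    off += 4;
    return off == len ? 0 : -1;                /* reject trailing garbage */
}

/* Builds a well-formed message; returns its length, or 0 if it does not fit. */
size_t build_request(uint8_t *buf, size_t cap, uint32_t cmd, const char *name, uint32_t id)
{
    size_t name_len = strlen(name);
    size_t total = 12 + name_len + 4;
    if (total > cap) return 0;
    wr32(buf, (uint32_t)total);
    wr32(buf + 4, cmd);
    wr32(buf + 8, (uint32_t)name_len);
    memcpy(buf + 12, name, name_len);
    wr32(buf + 12 + name_len, id);
    return total;
}

int main(void)
{
    uint8_t buf[128];
    struct request r;
    size_t n = build_request(buf, sizeof buf, 1, "alice", 1000);
    printf("well-formed: %s\n", parse_request(buf, n, &r) == 0 ? "accepted" : "rejected");
    wr32(buf + 8, 0xffffffffu);                /* crafted: name_len far past the buffer */
    printf("crafted:     %s\n", parse_request(buf, n, &r) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The two checks that matter most are the ones on `name_len`: a parser that trusts it to size a read or a copy will read past the end of the received buffer whenever the attacker sets it larger than the bytes that follow, which is exactly the crash-and-restart denial of service described above.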

CVE-2013-0219 | vulnerable | submitted 2026-06-03 14:32:42.046220
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.
Published: 2013-02-24T19:00:00.000Z
Updated: 2024-08-06T14:18:09.487Z
Imported from gcve-enriched-dumps CVE data
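
CVE-2013-0219 above is a symlink attack against a privileged process that walks a user-controlled home directory tree. The block below is an added example for this page, not SSSD's code: a symlink-safe recursive removal in C that classifies each entry with fstatat(AT_SYMLINK_NOFOLLOW), opens subdirectories with O_NOFOLLOW and removes with unlinkat, so a link the user planted inside the tree is removed as a link and its target is never touched. `run_demo` builds a constructed fixture (the file names, the `home/` tree and the two planted links are invented for the example) in a fresh temporary directory and reports whether the tree is gone while the link targets survive. Linux with glibc is assumed.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* openat/fstatat/unlinkat/fdopendir/mkdtemp on glibc */
#endif
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove `name` (relative to parentfd) and, if it is a directory, everything
 * below it, without ever following a symlink: fstatat(AT_SYMLINK_NOFOLLOW)
 * sees a link as a link, O_NOFOLLOW refuses to open a link as a directory,
 * and comparing st_dev/st_ino after the open catches a directory swapped for
 * a link between the two calls. Returns 0 on success, -1 on error. */
int remove_tree_at(int parentfd, const char *name)
{
    struct stat st, st2;
    if (fstatat(parentfd, name, &st, AT_SYMLINK_NOFOLLOW) < 0) return -1;
    if (!S_ISDIR(st.st_mode))
        return unlinkat(parentfd, name, 0);          /* regular file or symlink */

    int fd = openat(parentfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st2) < 0 || st2.st_dev != st.st_dev || st2.st_ino != st.st_ino) {
        close(fd);                                   /* raced: not what we inspected */
        return -1;
    }
    DIR *d = fdopendir(fd);                          /* d now owns fd */
    if (!d) { close(fd); return -1; }

    int rc = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0) continue;
        if (remove_tree_at(dirfd(d), e->d_name) < 0) rc = -1;
    }
    closedir(d);
    return rc == 0 ? unlinkat(parentfd, name, AT_REMOVEDIR) : -1;
}

static int touch(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Joins base and rel into the caller's buffer and returns it. */
static const char *join(char *out, size_t n, const char *base, const char *rel)
{
    snprintf(out, n, "%s/%s", base, rel);
    return out;
}

/* Constructed fixture, built in a fresh temporary directory:
 *   victim.txt, victimdir/keep.txt     "another user's" files, must survive
 *   home/a.txt, home/sub/b.txt         the tree being removed
 *   home/sub/evil -> ../../victim.txt  symlink planted by the user
 *   home/dirlink  -> ../victimdir      symlink to another user's directory
 * Returns 0 when home/ is gone and both victims still exist, -1 otherwise. */
int run_demo(void)
{
    char base[256], p[512];
    struct stat st;
    const char *tmp = getenv("TMPDIR");
    snprintf(base, sizeof base, "%s/homedir_demo_XXXXXX", tmp ? tmp : "/tmp");
    if (!mkdtemp(base)) return -1;
#define P(rel) join(p, sizeof p, base, rel)
    if (touch(P("victim.txt")) < 0 || mkdir(P("victimdir"), 0700) < 0 ||
        touch(P("victimdir/keep.txt")) < 0 || mkdir(P("home"), 0700) < 0 ||
        touch(P("home/a.txt")) < 0 || mkdir(P("home/sub"), 0700) < 0 ||
        touch(P("home/sub/b.txt")) < 0 ||
        symlink("../../victim.txt", P("home/sub/evil")) < 0 ||
        symlink("../victimdir", P("home/dirlink")) < 0)
        return -1;

    int rc = remove_tree_at(AT_FDCWD, P("home"));
    int home_gone = lstat(P("home"), &st) < 0;
    int victim_ok = stat(P("victim.txt"), &st) == 0;
    int keep_ok   = stat(P("victimdir/keep.txt"), &st) == 0;

    unlink(P("victim.txt"));                         /* clean up the fixture */
    unlink(P("victimdir/keep.txt"));
    rmdir(P("victimdir"));
    rmdir(base);
#undef P
    return (rc == 0 && home_gone && victim_ok && keep_ok) ? 0 : -1;
}

int main(void)
{
    printf("symlink-safe removal: %s\n", run_demo() == 0 ? "ok" : "FAILED");
    return 0;
}
```

The same pattern (stat without following, operate through a directory fd, never re-resolve a path the user controls) applies to the create and copy cases in the advisory: a chown or write that goes through a path string instead of an `*at` call on an already-opened, verified directory is where a planted link redirects the operation to another user's files.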

CVE-2010-0014 | vulnerable | submitted 2026-06-03 14:30:01.570447
System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT.
Published: 2010-01-14T18:00:00.000Z
Updated: 2024-09-16T20:47:31.841Z
Imported from gcve-enriched-dumps CVE data
