PT-2017-3848 · Red Hat+4 · Sssd+5

Published: 2017-10-05 · Updated: 2024-06-15 · CVE-2017-12173

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

sssd versions prior to 1.16.0

Description

The issue is related to insufficient input validation in the `sysdb_search_user_by_upn_res()` function of the sssd service, which manages access to remote directories and authentication mechanisms. This flaw can be exploited by a remote attacker to gain unauthorized access to protected information. In a centralized login environment, if a password hash is locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.

Recommendations

For versions prior to 1.16.0, update to version 1.16.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the local cache to minimize the risk of exploitation.

Fix

RCE

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1423
BDU:2019-04067
CESA-2017_3379
CESA-2018_1877
CVE-2017-12173
MGASA-2017-0421
OPENSUSE-SU-2024:11408-1
RHSA-2017:3379
RHSA-2017_3379
RHSA-2018:1877
RHSA-2018_1877
SUSE-SU-2017:2937-1
SUSE-SU-2017_2937-1
USN-3526-1

Affected Products

Alt Linux
Centos
Red Hat
Suse
Ubuntu
Sssd