PT-2018-13779 · Red Hat+1 · Sssd+1
Christian Heimes +1 · Published 2018-10-22 · Updated 2019-10-09
CVE-2018-16883
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
sssd versions 1.13.0 through 1.99.99 (2.0.0 is the first version not affected, so versions before 2.0.0 are vulnerable)
Description
The issue concerns improper restriction of access to the infopipe based on the allowed_uids configuration parameter. This could lead to the disclosure of sensitive information stored in the user directory to local attackers.
Recommendations
For sssd versions 1.13.0 through 1.99.99, update to version 2.0.0 or later to properly restrict access to the infopipe according to the allowed_uids configuration parameter.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Sssd