Kaushik Banerjee

Researcher from Red Hat
#49756 of 53,633
4.9 Total CVSS
Vulnerabilities · 1
PT-2013-1187
4.9
2013-03-19
Red Hat · Sssd · CVE-2013-0287
**Name of the Vulnerable Software and Affected Versions**

SSSD 1.9.0 through 1.9.4. The binary packages below are all built from the single sssd source package at version 1.9.2; they share the flaw and are fixed together by one update of that source package:

- sssd 1.9.2
- sssd-client 1.9.2
- sssd-tools 1.9.2
- libipa_hbac 1.9.2, libipa_hbac-devel 1.9.2, libipa_hbac-python 1.9.2
- libsss_sudo 1.9.2, libsss_sudo-devel 1.9.2
- libsss_idmap 1.9.2, libsss_idmap-devel 1.9.2
- libsss_autofs 1.9.2
- sssd-debuginfo 1.9.2

**Description**

The Simple Access Provider in the System Security Services Daemon (SSSD), selected with access_provider = simple, does not enforce the simple_deny_groups option when the Active Directory identity provider (id_provider = ad) is in use. A user who authenticates successfully is granted access even though a deny rule names one of the user's groups, so the deny list provides no protection on affected versions. The flaw is exploitable remotely by an attacker who has passed the authentication procedure and may lead to a breach of confidentiality and integrity of protected information.

**Recommendations**

Update sssd to a release that enforces simple_deny_groups with the AD provider (upstream SSSD 1.9.5 or later, or the vendor errata build for 1.9.2). Updating the sssd source package updates every subpackage listed above; the library, -devel, -python and -debuginfo subpackages do not receive separate fixes, which is why no separate fixed version is published for them.

Until the update is applied, do not rely on simple_deny_groups in a domain that uses id_provider = ad. Express the policy as an allow list instead (simple_allow_groups or simple_allow_users): the Simple Access Provider denies any user not matched by an allow rule, so this form fails closed, whereas a deny rule that is silently ignored fails open. Alternatively, switch the domain to an access provider that enforces the restriction.
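The following audit script is an added example, not code from the advisory, Red Hat or the SSSD project. It parses an sssd.conf, flags every domain that combines id_provider = ad with access_provider = simple and a non-empty simple_deny_groups, and reports whether the installed sssd version (1.9.0 through 1.9.4 being affected) actually enforces that deny list. The two embedded configurations are constructed samples; the domain name example.com and the group names contractors and linux-admins are invented for illustration.

```python
"""Audit sssd.conf for the CVE-2013-0287 exposure pattern.

Added example, not code from the advisory, Red Hat or the SSSD project.
It flags every [domain/...] section that combines id_provider = ad with
access_provider = simple and a non-empty simple_deny_groups, and reports
whether the given sssd version actually enforces that deny list.
"""
import configparser
import re

# Affected range as stated in the advisory: SSSD 1.9.0 through 1.9.4.
AFFECTED_MIN = (1, 9, 0)
AFFECTED_MAX = (1, 9, 4)


def parse_version(text):
    """'1.9.2' or a package release such as '1.9.2-82.el6' -> (1, 9, 2)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised sssd version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected_version(text):
    """True when the version falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(text) <= AFFECTED_MAX


def _split_list(value):
    """SSSD list options are comma separated."""
    return [item.strip() for item in value.split(",") if item.strip()]


def load_conf(text):
    # sssd.conf is INI-style; keep option names exactly as written.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp


def audit(conf_text, sssd_version):
    """One finding per domain that relies on simple_deny_groups with the AD provider."""
    cp = load_conf(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        sec = cp[section]
        id_provider = sec.get("id_provider", "").strip().lower()
        access_provider = sec.get("access_provider", "").strip().lower()
        deny_groups = _split_list(sec.get("simple_deny_groups", ""))
        if id_provider != "ad" or access_provider != "simple" or not deny_groups:
            continue
        findings.append({
            "domain": section[len("domain/"):],
            "deny_groups": deny_groups,
            # On 1.9.0 through 1.9.4 the deny list is silently ignored.
            "enforced": not is_affected_version(sssd_version),
        })
    return findings


# Constructed sample: the vulnerable pattern (deny list with the AD provider).
VULNERABLE_CONF = """
[sssd]
config_file_version = 2
services = nss, pam
domains = example.com

[domain/example.com]
id_provider = ad
access_provider = simple
simple_deny_groups = contractors@example.com
"""

# Constructed sample: same domain expressed as an allow list. The Simple Access
# Provider denies anyone not matched by an allow rule, so this fails closed.
HARDENED_CONF = """
[sssd]
config_file_version = 2
services = nss, pam
domains = example.com

[domain/example.com]
id_provider = ad
access_provider = simple
simple_allow_groups = linux-admins@example.com
"""

if __name__ == "__main__":
    for version in ("1.9.2-82.el6", "1.9.5"):
        for name, conf in (("vulnerable", VULNERABLE_CONF), ("hardened", HARDENED_CONF)):
            print(version, name, audit(conf, version))
```

On a real host, feed it the contents of /etc/sssd/sssd.conf and the output of `rpm -q --qf '%{VERSION}-%{RELEASE}' sssd`; a finding with `enforced` set to False means the deny rule is not being applied and the domain should be rewritten as an allow list until the update lands.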