PT-2018-13779 · Red Hat+1 · Sssd+1
Christian Heimes +1 · Published 2018-10-22 · Updated 2019-10-09
CVE-2018-16883
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
sssd versions 1.13.0 through 1.99.99 (2.0.0 is the first version not affected, which implies that versions before 2.0.0 are vulnerable)
Description
The issue concerns improper restriction of access to the infopipe based on the allowed_uids configuration parameter. This could lead to the disclosure of sensitive information stored in the user directory to local attackers.
Recommendations
For sssd versions 1.13.0 through 1.99.99, update to version 2.0.0 or later to properly restrict access to the infopipe according to the allowed_uids configuration parameter.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Sssd