PT-2021-7962 · Sssd+10

Cedric Buissart · Published 2021-06-23 · Updated 2025-02-09 · CVE-2021-3621

CVSS v2.0 · 10 · High

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SSSD (affected versions not specified)

Description

The sssctl command in the SSSD service lacks input sanitization. This allows a remote attacker to exploit the vulnerability, potentially gaining access to confidential data, disrupting data integrity, and causing a denial of service. The flaw is in the logs-fetch and cache-expire subcommands, which are vulnerable to shell command injection. An attacker could trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this issue is to confidentiality and integrity, as well as system availability.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

OS Command Injection

Weakness Enumeration

Related Identifiers

ALSA-2021:3151
ALT-PU-2021-3248
ALT-PU-2021-3297
ALT-PU-2021-3340
ALT-PU-2021-3471
BDU:2023-07637
CESA-2021_3151
CESA-2021_3336
CVE-2021-3621
DLA-2758-1
DLA-3436-1
DLA-4047-1
MGASA-2021-0502
OESA-2021-1340
OPENSUSE-SU-2021:2941-1
OPENSUSE-SU-2021_2941-1
OPENSUSE-SU-2022_2763-1
OPENSUSE-SU-2024:13446-1
RHSA-2021:3151
RHSA-2021:3178
RHSA-2021:3235
RHSA-2021:3336
RHSA-2021:3365
RHSA-2021:3477
RHSA-2021_3151
RHSA-2021_3336
RLSA-2021:3151
SUSE-RU-2021:3185-1
SUSE-SU-2021:2873-1
SUSE-SU-2021:2941-1
SUSE-SU-2021_2873-1
SUSE-SU-2021_2941-1
SUSE-SU-2022:0826-1
SUSE-SU-2022:1258-1
SUSE-SU-2022:2763-1
SUSE-SU-2022_0826-1
SUSE-SU-2022_1258-1
SUSE-SU-2022_2763-1
USN-5067-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SSSD
SUSE
Ubuntu