Search CVE reports


Toggle filters

11 – 20 of 25 results


CVE-2012-3462

Low priority
Not affected

A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.

1 affected package

sssd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sssd Not affected
Show less packages

CVE-2018-16838

Low priority

Some fixes available 1 of 4

A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.

1 affected package

sssd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sssd Not affected Not affected Not affected Not affected Fixed
Show less packages

CVE-2019-3811

Low priority

Some fixes available 1 of 4

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the...

1 affected package

sssd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sssd Not affected Not affected Not affected Not affected Fixed
Show less packages

CVE-2018-16883

Low priority
Vulnerable

sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could...

1 affected package

sssd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sssd Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2018-10852

Low priority

Some fixes available 1 of 5

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the...

1 affected package

sssd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sssd Not affected Not affected Not affected Not affected Fixed
Show less packages

CVE-2017-12173

Medium priority
Fixed

It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was...

1 affected package

sssd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sssd
Show less packages

CVE-2015-5292

Low priority
Ignored

Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory...

1 affected package

sssd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sssd Not affected
Show less packages

CVE-2014-0249

Low priority
Ignored

The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.

1 affected package

sssd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sssd Not affected
Show less packages

CVE-2013-0287

Medium priority
Ignored

The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users...

1 affected package

sssd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sssd
Show less packages

CVE-2013-0220

Medium priority

Some fixes available 9 of 13

The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon...

1 affected package

sssd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sssd
Show less packages