Fedora SSSD - System Security Services Daemon 1.12.0

CPE Details

2015-10-30 16h16 +00:00
2015-11-09 17h18 +00:00

CPE Name: cpe:2.3:a:fedoraproject:sssd:1.12.0:*:*:*:*:*:*:*

Information

Vendor: fedoraproject
Product: sssd
Version: 1.12.0

Related CVE

| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2019-3811 | 2019-01-15 15h00 +00:00 | A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. | 5.2 | Medium |
| CVE-2017-12173 | 2018-07-27 14h00 +00:00 | It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. | 8.8 | High |
| CVE-2018-10852 | 2018-06-26 12h00 +00:00 | The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. | 7.5 | High |
| CVE-2015-5292 | 2015-10-29 15h00 +00:00 | Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication. | 6.8 | |