CVE-2017-12173

Published: 05 October 2017

It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
sssd
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (1.15.3-2ubuntu1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (1.13.4-1ubuntu1.10)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)

Notes

AuthorNote
leosilva
according with RHEL "Versions prior to sssd-1.12.0 are
not affected (affected commit: 7ecb5ae)"

References