CVE-2018-10852

Published: 26 June 2018

The UNIX pipe that sudo uses to contact SSSD and read the available sudo rules has overly broad permissions, so anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.

Priority

Low

CVSS 3 base score: 7.5

Status

Package: sssd (Launchpad, Ubuntu, Debian)

Release    Status
artful     Ignored (reached end-of-life)
bionic     Released (1.16.1-1ubuntu1.8)
cosmic     Ignored (reached end-of-life)
disco      Ignored (reached end-of-life)
eoan       Not vulnerable (2.2.0-4ubuntu1)
focal      Not vulnerable (2.2.2-1)
groovy     Not vulnerable (2.2.2-1)
hirsute    Not vulnerable (2.2.2-1)
impish     Not vulnerable (2.2.2-1)
jammy      Not vulnerable (2.2.2-1)
kinetic    Not vulnerable (2.2.2-1)
precise    Does not exist
trusty     Does not exist (trusty was needed)
upstream   Released (1.16.3-1)
xenial     Needed

Patches:
upstream: https://pagure.io/SSSD/sssd/c/ed90a20a0f0e936eb00d268080716c0384ffb01d