CVE-2021-3621

Published: 16 August 2021

shell command injection in sssctl comment

Priority

Medium

Status

Package: sssd (Launchpad, Ubuntu, Debian)

Release                             Status
Upstream                            Needs triage
Ubuntu 21.04 (Hirsute Hippo)        Released (2.4.0-1ubuntu6.1)
Ubuntu 20.04 LTS (Focal Fossa)      Released (2.2.3-3ubuntu0.7)
Ubuntu 18.04 LTS (Bionic Beaver)    Released (1.16.1-1ubuntu1.8)
Ubuntu 16.04 ESM (Xenial Xerus)     Not vulnerable (code not present)
Ubuntu 14.04 ESM (Trusty Tahr)      Does not exist

Patches:
Upstream: https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe

Notes

Author: leosilva
Note: The vulnerability was introduced in v1.13.91 by commit: https://github.com/SSSD/sssd/commit/e157b9f6cb370e1b94bcac2044d26ad66d640fba
xenial/esm is not-affected as it is based on 1.13.4-1, and so the affected code is not present.
