Ubuntu update for sssd
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2018-10852 CVE-2018-16838 CVE-2019-3811 CVE-2021-3621 |
| CWE-ID | CWE-200 CWE-264 CWE-284 CWE-77 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system sssd (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU14328
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-10852
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to too wide permissions in the UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD. A remote attacker can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user.
MitigationUpdate the affected package sssd to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.04
sssd (Ubuntu package): before 2.4.0-1ubuntu6.1
External linkshttp://ubuntu.com/security/notices/USN-5067-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Security restrictions bypass
EUVDB-ID: #VU17376
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-16838
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the system.
The vulnerability exists due to a flaw in sssd Group Policy Objects implementation when the GPO is not readable by SSSD due to a too strict permission settings on the server side. A remote attacker can bypass security restrictions.
MitigationUpdate the affected package sssd to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.04
sssd (Ubuntu package): before 2.4.0-1ubuntu6.1
External linkshttp://ubuntu.com/security/notices/USN-5067-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper access control
EUVDB-ID: #VU17121
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-3811
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows an adjacent authenticated attacker to bypass security restrictions.
The vulnerability exists due to the return of '/' (the root directory) instead of '' (the empty string / no home directory) if a user was configured with no home directory set. An adjacent attacker can bypass services that restrict the user's filesystem access to within their home directory through chroot().
MitigationUpdate the affected package sssd to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.04
sssd (Ubuntu package): before 2.4.0-1ubuntu6.1
External linkshttp://ubuntu.com/security/notices/USN-5067-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Command Injection
EUVDB-ID: #VU56000
Risk: Medium
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3621
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper input validation in the sssctl command within the logs-fetch and cache-expire subcommands. An attacker can trick the root user into running a specially crafted sssctl command, such as via sudo, and execute arbitrary code with root privileges.
Update the affected package sssd to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.04
sssd (Ubuntu package): before 2.4.0-1ubuntu6.1
External linkshttp://ubuntu.com/security/notices/USN-5067-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
