#VU71473 LDAP injection in SSSD


Published: 2023-01-24

Vulnerability identifier: #VU71473

Vulnerability risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4254

CWE-ID: CWE-90

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SSSD
Web applications / Remote management & hosting panels

Vendor: SSSD

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to improper input validation in libsss_certmap functionality when validating data used in DLAP queries. A remote non-authenticated attacker can use a specially crafted certificate to bypass authentication process and gain control of the admin account, leading to full domain takeover.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SSSD: 1.15.3 - 2.3.0

External links
http://bugzilla.redhat.com/show_bug.cgi?id=2149894

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Juniper Networks Session Smart Router
Multiple vulnerabilities in IBM QRadar SIEM
Ubuntu update for sssd
Multiple vulnerabilities in Dell Cloud Tiering Appliance
Amazon Linux AMI update for sssd
SUSE update for sssd
SUSE update for sssd
SUSE update for sssd
CentOS 7 update for sssd
SUSE update for sssd