USN-5067-1

Source
https://ubuntu.com/security/notices/USN-5067-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5067-1.json
Related
Published
2021-09-08T11:40:23.694368Z
Modified
2021-09-08T11:40:23.694368Z
Summary
sssd vulnerabilities
Details

Jakub Hrozek discovered that SSSD incorrectly handled file permissions. A local attacker could possibly use this issue to read the sudo rules available for any user. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-10852)

It was discovered that SSSD incorrectly handled Group Policy Objects. When SSSD is configured with too strict permissions causing the GPO to not be readable, SSSD will allow all authenticated users to login instead of being denied, contrary to expectations. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-16838)

It was discovered that SSSD incorrectly handled users with no home directory set. When no home directory was set, SSSD would return the root directory instead of an empty string, possibly bypassing security measures. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-3811)

Cedric Buissart discovered that SSSD incorrectly handled the sssctl command. In certain environments, a local user could use this issue to execute arbitrary commands and possibly escalate privileges. (CVE-2021-3621)

References

Affected packages

Ubuntu:18.04:LTS / sssd

Package

Name
sssd

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.16.1-1ubuntu1.8

Ecosystem specific 

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "sssd-ldap": "1.16.1-1ubuntu1.8",
            "libsss-idmap-dev": "1.16.1-1ubuntu1.8",
            "sssd-ipa": "1.16.1-1ubuntu1.8",
            "python-sss": "1.16.1-1ubuntu1.8",
            "libpam-sss": "1.16.1-1ubuntu1.8",
            "python3-sss": "1.16.1-1ubuntu1.8",
            "python-libipa-hbac": "1.16.1-1ubuntu1.8",
            "libipa-hbac-dev": "1.16.1-1ubuntu1.8",
            "libsss-idmap0": "1.16.1-1ubuntu1.8",
            "sssd-ad": "1.16.1-1ubuntu1.8",
            "libwbclient-sssd": "1.16.1-1ubuntu1.8",
            "libnss-sss": "1.16.1-1ubuntu1.8",
            "sssd": "1.16.1-1ubuntu1.8",
            "sssd-krb5-common": "1.16.1-1ubuntu1.8",
            "python-libsss-nss-idmap": "1.16.1-1ubuntu1.8",
            "libsss-nss-idmap-dev": "1.16.1-1ubuntu1.8",
            "sssd-proxy": "1.16.1-1ubuntu1.8",
            "python3-libsss-nss-idmap": "1.16.1-1ubuntu1.8",
            "sssd-krb5": "1.16.1-1ubuntu1.8",
            "libsss-certmap0": "1.16.1-1ubuntu1.8",
            "libwbclient-sssd-dev": "1.16.1-1ubuntu1.8",
            "libsss-nss-idmap0": "1.16.1-1ubuntu1.8",
            "libsss-simpleifp-dev": "1.16.1-1ubuntu1.8",
            "libsss-certmap-dev": "1.16.1-1ubuntu1.8",
            "sssd-dbus": "1.16.1-1ubuntu1.8",
            "libsss-sudo": "1.16.1-1ubuntu1.8",
            "sssd-ad-common": "1.16.1-1ubuntu1.8",
            "python3-libipa-hbac": "1.16.1-1ubuntu1.8",
            "libsss-simpleifp0": "1.16.1-1ubuntu1.8",
            "sssd-common": "1.16.1-1ubuntu1.8",
            "libipa-hbac0": "1.16.1-1ubuntu1.8",
            "sssd-tools": "1.16.1-1ubuntu1.8",
            "sssd-kcm": "1.16.1-1ubuntu1.8"
        }
    ]
}

Ubuntu:20.04:LTS / sssd

Package

Name
sssd

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.2.3-3ubuntu0.7

Ecosystem specific 

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "sssd-ldap": "2.2.3-3ubuntu0.7",
            "libsss-idmap-dev": "2.2.3-3ubuntu0.7",
            "python3-sss": "2.2.3-3ubuntu0.7",
            "sssd-ipa": "2.2.3-3ubuntu0.7",
            "libpam-sss": "2.2.3-3ubuntu0.7",
            "libipa-hbac-dev": "2.2.3-3ubuntu0.7",
            "libsss-idmap0": "2.2.3-3ubuntu0.7",
            "sssd-ad": "2.2.3-3ubuntu0.7",
            "libwbclient-sssd": "2.2.3-3ubuntu0.7",
            "sssd": "2.2.3-3ubuntu0.7",
            "sssd-krb5-common": "2.2.3-3ubuntu0.7",
            "libnss-sss": "2.2.3-3ubuntu0.7",
            "libsss-nss-idmap-dev": "2.2.3-3ubuntu0.7",
            "sssd-proxy": "2.2.3-3ubuntu0.7",
            "python3-libsss-nss-idmap": "2.2.3-3ubuntu0.7",
            "sssd-krb5": "2.2.3-3ubuntu0.7",
            "libsss-certmap0": "2.2.3-3ubuntu0.7",
            "libwbclient-sssd-dev": "2.2.3-3ubuntu0.7",
            "libsss-nss-idmap0": "2.2.3-3ubuntu0.7",
            "libsss-simpleifp-dev": "2.2.3-3ubuntu0.7",
            "libsss-certmap-dev": "2.2.3-3ubuntu0.7",
            "sssd-dbus": "2.2.3-3ubuntu0.7",
            "python3-libipa-hbac": "2.2.3-3ubuntu0.7",
            "sssd-ad-common": "2.2.3-3ubuntu0.7",
            "libsss-sudo": "2.2.3-3ubuntu0.7",
            "libsss-simpleifp0": "2.2.3-3ubuntu0.7",
            "sssd-common": "2.2.3-3ubuntu0.7",
            "libipa-hbac0": "2.2.3-3ubuntu0.7",
            "sssd-tools": "2.2.3-3ubuntu0.7",
            "sssd-kcm": "2.2.3-3ubuntu0.7"
        }
    ]
}