USN-5067-1
- Source
- https://ubuntu.com/security/notices/USN-5067-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5067-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-5067-1
- Upstream
- Related
- Published
- 2021-09-08T11:40:23.694368Z
- Modified
- 2025-07-16T08:31:53.046913Z
- Summary
- sssd vulnerabilities
- Details
-
Jakub Hrozek discovered that SSSD incorrectly handled file permissions. A local attacker could possibly use this issue to read the sudo rules available for any user. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-10852)
It was discovered that SSSD incorrectly handled Group Policy Objects. When SSSD is configured with too strict permissions causing the GPO to not be readable, SSSD will allow all authenticated users to login instead of being denied, contrary to expectations. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-16838)
It was discovered that SSSD incorrectly handled users with no home directory set. When no home directory was set, SSSD would return the root directory instead of an empty string, possibly bypassing security measures. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-3811)
Cedric Buissart discovered that SSSD incorrectly handled the sssctl command. In certain environments, a local user could use this issue to execute arbitrary commands and possibly escalate privileges. (CVE-2021-3621)
- References
Affected packages
Ubuntu:18.04:LTS / sssd
Package
- Name
- sssd
- Purl
- pkg:deb/ubuntu/sssd@1.16.1-1ubuntu1.8?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.16.1-1ubuntu1.8
Affected versions
1.*
1.15.3-2ubuntu1
1.15.3-3ubuntu1
1.16.0-5ubuntu1
1.16.0-5ubuntu2
1.16.1-1ubuntu1
1.16.1-1ubuntu1.1
1.16.1-1ubuntu1.2
1.16.1-1ubuntu1.3
1.16.1-1ubuntu1.4
1.16.1-1ubuntu1.5
1.16.1-1ubuntu1.6
1.16.1-1ubuntu1.7
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libipa-hbac-dev",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libipa-hbac0",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libipa-hbac0-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libnss-sss",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libnss-sss-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libpam-sss",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libpam-sss-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libsss-certmap-dev",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libsss-certmap0",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libsss-certmap0-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libsss-idmap-dev",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libsss-idmap0",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libsss-idmap0-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libsss-nss-idmap-dev",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libsss-nss-idmap0",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libsss-nss-idmap0-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libsss-simpleifp-dev",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libsss-simpleifp0",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libsss-simpleifp0-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libsss-sudo",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libsss-sudo-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libwbclient-sssd",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libwbclient-sssd-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "libwbclient-sssd-dev",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "python-libipa-hbac",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "python-libipa-hbac-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "python-libsss-nss-idmap",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "python-libsss-nss-idmap-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "python-sss",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "python-sss-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "python3-libipa-hbac",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "python3-libipa-hbac-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "python3-libsss-nss-idmap",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "python3-libsss-nss-idmap-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "python3-sss",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "python3-sss-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-ad",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-ad-common",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-ad-common-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-ad-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-common",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-common-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-dbus",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-dbus-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-ipa",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-ipa-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-kcm",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-kcm-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-krb5",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-krb5-common",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-krb5-common-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-krb5-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-ldap",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-ldap-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-proxy",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-proxy-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-tools",
"binary_version": "1.16.1-1ubuntu1.8"
},
{
"binary_name": "sssd-tools-dbgsym",
"binary_version": "1.16.1-1ubuntu1.8"
}
]
}
Ubuntu:20.04:LTS / sssd
Package
- Name
- sssd
- Purl
- pkg:deb/ubuntu/sssd@2.2.3-3ubuntu0.7?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.3-3ubuntu0.7
Affected versions
2.*
2.2.0-4ubuntu1
2.2.2-1
2.2.2-1ubuntu1
2.2.3-1.1ubuntu1
2.2.3-2
2.2.3-3
2.2.3-3ubuntu0.1
2.2.3-3ubuntu0.2
2.2.3-3ubuntu0.3
2.2.3-3ubuntu0.4
2.2.3-3ubuntu0.6
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libipa-hbac-dev",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libipa-hbac0",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libipa-hbac0-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libnss-sss",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libnss-sss-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libpam-sss",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libpam-sss-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libsss-certmap-dev",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libsss-certmap0",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libsss-certmap0-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libsss-idmap-dev",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libsss-idmap0",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libsss-idmap0-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libsss-nss-idmap-dev",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libsss-nss-idmap0",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libsss-nss-idmap0-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libsss-simpleifp-dev",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libsss-simpleifp0",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libsss-simpleifp0-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libsss-sudo",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libsss-sudo-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libwbclient-sssd",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libwbclient-sssd-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "libwbclient-sssd-dev",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "python3-libipa-hbac",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "python3-libipa-hbac-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "python3-libsss-nss-idmap",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "python3-libsss-nss-idmap-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "python3-sss",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "python3-sss-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-ad",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-ad-common",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-ad-common-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-ad-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-common",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-common-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-dbus",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-dbus-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-ipa",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-ipa-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-kcm",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-kcm-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-krb5",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-krb5-common",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-krb5-common-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-krb5-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-ldap",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-ldap-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-proxy",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-proxy-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-tools",
"binary_version": "2.2.3-3ubuntu0.7"
},
{
"binary_name": "sssd-tools-dbgsym",
"binary_version": "2.2.3-3ubuntu0.7"
}
]
}