CVE-2018-10852

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-10852
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10852.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-10852
Downstream
Related
Published
2018-06-26T14:29:02.207Z
Modified
2026-03-20T11:21:07.542209Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.

References

Affected packages

Git / github.com/sssd/sssd

Affected ranges

Type
GIT
Repo
https://github.com/sssd/sssd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
61c515aa8484bdbcf2f4bc63c7032ade1c6ec06f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.16.3"
        }
    ]
}

Affected versions

Other
sssd-0_2_0
sssd-0_2_1
sssd-0_3_1
sssd-0_3_2
sssd-0_3_3
sssd-0_4_0
sssd-0_4_1
sssd-0_5_0
sssd-0_6_0
sssd-0_7_0
sssd-0_99_0
sssd-1_0_99
sssd-1_10_0
sssd-1_10_90
sssd-1_10_92
sssd-1_10_alpha1
sssd-1_10_beta1
sssd-1_10_beta2
sssd-1_11_0
sssd-1_11_0_beta1
sssd-1_11_0_beta2
sssd-1_11_90
sssd-1_11_91
sssd-1_12_0
sssd-1_12_0_beta1
sssd-1_12_0_beta2
sssd-1_12_1
sssd-1_12_2
sssd-1_12_3
sssd-1_12_90
sssd-1_13_0
sssd-1_13_0_alpha
sssd-1_13_1
sssd-1_13_90
sssd-1_13_91
sssd-1_14_0
sssd-1_14_0_alpha1
sssd-1_14_0_beta1
sssd-1_14_1
sssd-1_14_2
sssd-1_15_0
sssd-1_15_1
sssd-1_15_2
sssd-1_15_3
sssd-1_16_0
sssd-1_16_1
sssd-1_16_2
sssd-1_2_91
sssd-1_3_0
sssd-1_4_0
sssd-1_5_0
sssd-1_5_1
sssd-1_6_0
sssd-1_8_91
sssd-1_8_92
sssd-1_8_93
sssd-1_8_94
sssd-1_8_95
sssd-1_8_96
sssd-1_8_97
sssd-1_8_98
sssd-1_9_0
sssd-1_9_0_beta1
sssd-1_9_0_beta2
sssd-1_9_0_beta3
sssd-1_9_0_beta4
sssd-1_9_0_beta5
sssd-1_9_0_beta6
sssd-1_9_0_beta7
sssd-1_9_0_rc1
sssd-1_9_1
sssd-1_9_2
sssd-1_9_91
sssd-1_9_92
sssd-1_9_93
sssd-1_9_94

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10852.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    }
]