CVE-2018-10852

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.

References

Affected packages

Git / github.com/sssd/sssd

Affected ranges

Type: GIT
Repo: https://github.com/sssd/sssd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

61c515aa8484bdbcf2f4bc63c7032ade1c6ec06f

Affected versions

Other

sssd-0_2_0

sssd-0_2_1

sssd-0_3_1

sssd-0_3_2

sssd-0_3_3

sssd-0_4_0

sssd-0_4_1

sssd-0_5_0

sssd-0_6_0

sssd-0_7_0

sssd-0_99_0

sssd-1_0_99

sssd-1_10_0

sssd-1_10_90

sssd-1_10_92

sssd-1_10_alpha1

sssd-1_10_beta1

sssd-1_10_beta2

sssd-1_11_0

sssd-1_11_0_beta1

sssd-1_11_0_beta2

sssd-1_11_90

sssd-1_11_91

sssd-1_12_0

sssd-1_12_0_beta1

sssd-1_12_0_beta2

sssd-1_12_1

sssd-1_12_2

sssd-1_12_3

sssd-1_12_90

sssd-1_13_0

sssd-1_13_0_alpha

sssd-1_13_1

sssd-1_13_90

sssd-1_13_91

sssd-1_14_0

sssd-1_14_0_alpha1

sssd-1_14_0_beta1

sssd-1_14_1

sssd-1_14_2

sssd-1_15_0

sssd-1_15_1

sssd-1_15_2

sssd-1_15_3

sssd-1_16_0

sssd-1_16_1

sssd-1_16_2

sssd-1_2_91

sssd-1_3_0

sssd-1_4_0

sssd-1_5_0

sssd-1_5_1

sssd-1_6_0

sssd-1_8_91

sssd-1_8_92

sssd-1_8_93

sssd-1_8_94

sssd-1_8_95

sssd-1_8_96

sssd-1_8_97

sssd-1_8_98

sssd-1_9_0

sssd-1_9_0_beta1

sssd-1_9_0_beta2

sssd-1_9_0_beta3

sssd-1_9_0_beta4

sssd-1_9_0_beta5

sssd-1_9_0_beta6

sssd-1_9_0_beta7

sssd-1_9_0_rc1

sssd-1_9_1

sssd-1_9_2

sssd-1_9_91

sssd-1_9_92

sssd-1_9_93

sssd-1_9_94