ALAS2-2018-1127 --- sssd, python-sss, libsss_autofs, python-libsss_nss_idmap, libsss_nss_idmap, libsss_sudo, libsss_certmap, libsss_idmap, libipa_hbac, python-libipa_hbac, python-sssdconfigID: oval:org.secpod.oval:def:1700110 | Date: (C)2018-12-24 (M)2023-12-20 |
Class: PATCH | Family: unix |
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user.
Product: |
sssd |
python-sss |
libsss_autofs |
python-libsss_nss_idmap |
libsss_nss_idmap |
libsss_sudo |
libsss_certmap |
libsss_idmap |
libipa_hbac |
python-libipa_hbac |
python-sssdconfig |