ALAS-2017-935 ---- sssd, python, libsss_certmap, libsss_autofs, libsss_nss_idmap, libsss_sudo, libsss_idmap, libipa_hbacID: oval:org.secpod.oval:def:1600819 | Date: (C)2017-12-26 (M)2021-09-12 |
Class: PATCH | Family: unix |
Unsanitized input when searching in local cache databaseIt was found that sssd#039;s sysdb_search_user_by_upn_res function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it
Platform: |
Amazon Linux AMI |
Product: |
sssd |
python |
libsss_autofs |
libsss_nss_idmap |
libsss_sudo |
libsss_certmap |
libsss_idmap |
libipa_hbac |