ALAS2-2018-1127 --- sssd, python-sss, libsss_autofs, python-libsss_nss_idmap, libsss_nss_idmap, libsss_sudo, libsss_certmap, libsss_idmap, libipa_hbac, python-libipa_hbac, python-sssdconfig| ID: oval:org.secpod.oval:def:1700110 | Date: (C)2018-12-24 (M)2023-12-20 |
| Class: PATCH | Family: unix |
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user.
| Product: |
| sssd |
| python-sss |
| libsss_autofs |
| python-libsss_nss_idmap |
| libsss_nss_idmap |
| libsss_sudo |
| libsss_certmap |
| libsss_idmap |
| libipa_hbac |
| python-libipa_hbac |
| python-sssdconfig |
