A vulnerability has been discovered in SSSD, which can lead to arbitrary code execution.
| Package | sys-auth/sssd on all architectures |
|---|---|
| Affected versions | < 2.5.2-r1 |
| Unaffected versions | >= 2.5.2-r1 |
SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources.
A vulnerability has been discovered in SSSD. Please review the CVE identifier referenced below for details.
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access.
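To make the bug class concrete, here is an added, generic illustration of shell command injection in a tool that builds a command line from caller-supplied input, beside the hardened form. This is example code written for this page, not SSSD's or sssctl's source; the subcommand and argument names are constructed, and only a harmless `echo` is run so the difference in behaviour is visible.

```python
import shlex
import subprocess
from typing import List

# Constructed sample input: an argument (say, a log file name) that the caller controls.
# The ';' makes the shell treat what follows as a second command.
UNTRUSTED_NAME = "a; echo INJECTED"


def run_with_shell(name: str) -> List[str]:
    """Vulnerable pattern: the argument is spliced into a command string that is
    handed to /bin/sh, so shell metacharacters inside it are interpreted."""
    result = subprocess.run(f"echo {name}", shell=True, capture_output=True, text=True)
    return result.stdout.splitlines()


def run_with_argv(name: str) -> List[str]:
    """Hardened pattern: pass an argv list and no shell. The string reaches the
    program as one literal argument, metacharacters included."""
    result = subprocess.run(["echo", name], capture_output=True, text=True)
    return result.stdout.splitlines()


def run_with_quoting(name: str) -> List[str]:
    """If a shell is unavoidable, quote each untrusted value with shlex.quote()
    so the shell sees it as a single word."""
    result = subprocess.run(f"echo {shlex.quote(name)}", shell=True, capture_output=True, text=True)
    return result.stdout.splitlines()


if __name__ == "__main__":
    print("shell=True :", run_with_shell(UNTRUSTED_NAME))      # two commands ran
    print("argv list  :", run_with_argv(UNTRUSTED_NAME))       # one literal argument
    print("quoted     :", run_with_quoting(UNTRUSTED_NAME))    # one literal argument
```

The argv form is the one to prefer: it removes the shell from the path entirely, whereas quoting only stays safe as long as every interpolated value is quoted. The same reasoning applies to any privileged helper that may be reachable through sudo, since the injected command then runs with the helper's privileges.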
There is no known workaround at this time.
All SSSD users should upgrade to the latest version:
```sh
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/sssd-2.5.2-r1"
```
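Before and after upgrading, it helps to have a check that compares the installed sssd version against the fixed version from the table above. The script below is an added example written for this page, not Gentoo tooling: it parses Gentoo-style versions with an optional `-rN` revision and evaluates lines in the shape `sys-auth/sssd-<version>`, which is the assumed output format of `qlist -Iv sys-auth/sssd`; the sample lines are constructed.

```python
import re
from typing import Dict, List, Tuple

# First unaffected version, taken from the advisory's "Unaffected versions" row.
FIXED_VERSION = "2.5.2-r1"

# Dotted numeric version with an optional Gentoo revision suffix (-rN).
# Suffixes such as _p1 or _rc1 are not handled here and raise ValueError.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(version: str) -> Tuple[Tuple[int, ...], int]:
    """Split '2.5.2-r1' into ((2, 5, 2), 1). A missing -rN counts as revision 0,
    so '2.5.2' and '2.5.2-r0' compare equal, as Portage treats them."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unsupported version string: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    revision = int(match.group(2)) if match.group(2) else 0
    return numbers, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b."""
    num_a, rev_a = parse_version(a)
    num_b, rev_b = parse_version(b)
    width = max(len(num_a), len(num_b))
    num_a = num_a + (0,) * (width - len(num_a))   # '2.5' compares as '2.5.0'
    num_b = num_b + (0,) * (width - len(num_b))
    if num_a != num_b:
        return -1 if num_a < num_b else 1
    return (rev_a > rev_b) - (rev_a < rev_b)


def is_affected(installed: str) -> bool:
    """True when the installed version is older than the first fixed version."""
    return compare_versions(installed, FIXED_VERSION) < 0


def check_qlist_output(lines: List[str]) -> Dict[str, bool]:
    """Map each installed sssd version found in qlist-style output to an
    affected/not-affected verdict. Lines for other packages are ignored."""
    verdicts: Dict[str, bool] = {}
    for line in lines:
        match = re.match(r"^sys-auth/sssd-(\S+)$", line.strip())
        if match:
            verdicts[match.group(1)] = is_affected(match.group(1))
    return verdicts


# Constructed sample output (not from a real system): an old and a fixed install.
SAMPLE_QLIST = ["sys-auth/sssd-2.5.1", "sys-auth/sssd-2.5.2-r1"]

if __name__ == "__main__":
    for version, affected in check_qlist_output(SAMPLE_QLIST).items():
        state = "AFFECTED, upgrade to >=2.5.2-r1" if affected else "not affected"
        print(f"sssd {version}: {state}")
```

The comparison is deliberately limited to the version shapes that appear in this advisory; a full Portage version comparison also orders suffixes like `_rc`, `_p` and `_pre`, so treat the ValueError path as "inspect by hand" rather than "not affected".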
Release date: July 01, 2024
Latest revision: July 01, 2024: 1
Severity: normal
Exploitable: local and remote
Bugzilla entries