SSSD: Command Injection — GLSA 202407-05

A vulnerability has been discovered in SSSD, which can lead to arbitrary code execution.

Affected packages

Package: sys-auth/sssd (all architectures)
Affected versions: < 2.5.2-r1
Unaffected versions: >= 2.5.2-r1

Background

SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources.

Description

A vulnerability has been discovered in SSSD. Please review the CVE identifier referenced below for details.

Impact

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access.
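As an added illustration (not code from this advisory or from SSSD itself), the Python below contrasts the pattern behind the flaw described above, splicing a caller-supplied path into a shell command line, with the hardened argv form that passes the path as a single argument. The helper names, the use of `cp` as the stand-in tool and the sample file name are assumptions for the demonstration, not sssctl's actual implementation.

```python
import shlex
import subprocess
import tempfile
from pathlib import Path
from typing import List

# Constructed sample input; SSSD's real log paths are not used here.
SOURCE_LOG = "sssd.log"


def unsafe_command(dest: str) -> List[str]:
    """Vulnerable pattern: the caller-supplied destination is spliced into a
    shell command line. Returns the tokens /bin/sh would parse from that line,
    so the injection boundary is visible without executing anything."""
    cmd = f"cp {SOURCE_LOG} {dest}"
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    return list(lexer)


def safe_argv(dest: str) -> List[str]:
    """Hardened form: build an argv list and never involve a shell, so the
    destination is exactly one argument whatever characters it contains."""
    return ["cp", SOURCE_LOG, dest]


def run_safe(dest: str) -> List[str]:
    """Execute the hardened form in a scratch directory and return the names
    of the files present afterwards; metacharacters in `dest` stay literal."""
    with tempfile.TemporaryDirectory() as work:
        Path(work, SOURCE_LOG).write_text("constructed log line\n")
        subprocess.run(safe_argv(dest), cwd=work, check=True)
        return sorted(p.name for p in Path(work).iterdir())


if __name__ == "__main__":
    hostile = "out.log; echo injected"  # a second command hidden in a path
    print("shell would see:", unsafe_command(hostile))
    print("argv form:", safe_argv(hostile))
    print("files after hardened run:", run_safe(hostile))
```

In the unsafe form the `;` ends the intended command and everything after it becomes a separate command; in the argv form the same string only ever names one file.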

Workaround

There is no known workaround at this time.

Resolution

All SSSD users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-auth/sssd-2.5.2-r1"

References

Release date
July 01, 2024

Latest revision
July 01, 2024: 1

Severity
normal

Exploitable
local and remote

Bugzilla entries