Summary: SSSD stores its cached data in an LDAP-like local database file using libldb. To look up cached data, LDAP search filters like '(objectClass=user)(name=user_name)' are used. However, in sysdb_search_user_by_upn_res(), the input is not sanitized, which allows the search filter for cache lookups to be manipulated. This would allow a logged-in user to discover the password hash of a different user.
For more details, see: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org/message/IKWCIYZ3E6ATZECU2SIWCJ22POSDTI2V/
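The class of fix this calls for is escaping the user-supplied value before it is formatted into the filter. The following is an added example, not SSSD's code: `escape_filter_value()`, `build_user_filter()` and the filter template are hypothetical names and constructed values, and the escaping follows RFC 4515.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not SSSD's code): escape a value for use inside an
 * LDAP search filter as described in RFC 4515. The filter metacharacters
 * '*', '(', ')' and '\' become a backslash followed by two hex digits.
 * Returns 0 on success, -1 if the output buffer is too small. */
int escape_filter_value(const char *in, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            if (o + 3 >= outlen) return -1;   /* 3 bytes plus the NUL */
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            if (o + 1 >= outlen) return -1;   /* 1 byte plus the NUL */
            out[o++] = (char)c;
        }
    }
    if (o >= outlen) return -1;
    out[o] = '\0';
    return 0;
}

/* Constructed filter template modelled on the example in the summary.
 * The caller's input is only ever placed in the filter after escaping. */
int build_user_filter(const char *name, char *filter, size_t len)
{
    char safe[256];
    int n;

    if (escape_filter_value(name, safe, sizeof(safe)) != 0) return -1;
    n = snprintf(filter, len, "(&(objectClass=user)(name=%s))", safe);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char filter[128];
    /* Constructed input containing every filter metacharacter. */
    if (build_user_filter("a*(b)\\c", filter, sizeof(filter)) == 0)
        printf("%s\n", filter);
    return 0;
}
```

With the value escaped, the parentheses and wildcard in the input are matched as literal characters of the name and cannot add or close filter components.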
master:
and fix for removing dead code
Metadata Update from @jhrozek: - Issue close_status updated to: Fixed - Issue set to the milestone: SSSD 1.15.4 - Issue status updated to: Closed (was: Open)
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.0 (was: SSSD 1.15.4)
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1499659
Issue linked to Bugzilla: Bug 1499659
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1499659, https://bugzilla.redhat.com/show_bug.cgi?id=1499658 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1499659)
Issue linked to Bugzilla: Bug 1499658
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1499659, https://bugzilla.redhat.com/show_bug.cgi?id=1499658, https://bugzilla.redhat.com/show_bug.cgi?id=1507435 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1499659, https://bugzilla.redhat.com/show_bug.cgi?id=1499658)
Issue linked to Bugzilla: Bug 1507435
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1499659, https://bugzilla.redhat.com/show_bug.cgi?id=1499658, https://bugzilla.redhat.com/show_bug.cgi?id=1507435, https://bugzilla.redhat.com/show_bug.cgi?id=1489666 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1499659, https://bugzilla.redhat.com/show_bug.cgi?id=1499658, https://bugzilla.redhat.com/show_bug.cgi?id=1507435)
Issue linked to Bugzilla: Bug 1489666
sssd-1-14:
sssd-1-13:
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4575
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.