#3549 CVE-2017-12173: Unsanitized input when searching in local cache database
Closed: Fixed 6 years ago Opened 6 years ago by jhrozek.

Summary: SSSD stores its cached data in an LDAP-like local database
file using libldb. To look up cached data, LDAP search filters
like '(objectClass=user)(name=user_name)' are used. However, in
sysdb_search_user_by_upn_res(), the input is not sanitized, which allows
the search filter for cache lookups to be manipulated. This would allow
a logged-in user to discover the password hash of a different user.

For more details, see: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org/message/IKWCIYZ3E6ATZECU2SIWCJ22POSDTI2V/
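
The mitigation for the class of bug described above is to escape the user-supplied value before it is placed in the search filter. The following is an added example, not part of the ticket and not SSSD's code: `filter_escape` and `build_user_filter` are hypothetical helpers, the escaping follows RFC 4515, and the explicit `&` in the filter is an assumption based on the illustrative filter in the summary.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not SSSD code): escape a value for use inside an
 * LDAP search filter per RFC 4515. '*', '(', ')' and '\' become a
 * backslash plus two hex digits. Caller frees the result. */
char *filter_escape(const char *in)
{
    static const char hex[] = "0123456789abcdef";
    size_t len = strlen(in), o = 0;
    char *out = malloc(len * 3 + 1);    /* worst case: every byte escaped */

    if (out == NULL) return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return out;
}

/* Hypothetical helper: build the lookup filter with the value escaped.
 * attr is a fixed attribute name chosen by the code, never user input. */
char *build_user_filter(const char *attr, const char *value)
{
    char *safe = filter_escape(value);
    if (safe == NULL) return NULL;
    size_t n = sizeof("(&(objectClass=user)(=))") + strlen(attr) + strlen(safe);
    char *filter = malloc(n);
    if (filter != NULL)
        snprintf(filter, n, "(&(objectClass=user)(%s=%s))", attr, safe);
    free(safe);
    return filter;
}

int main(void)
{
    /* Constructed input containing every filter metacharacter. */
    char *f = build_user_filter("name", "a*(b)\\c");
    if (f == NULL) return 1;
    puts(f);
    free(f);
    return 0;
}
```

After escaping, the value can only ever match as a literal string, so the number and nesting of filter components is fixed by the code rather than by the input.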


master:

and fix for removing dead code

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue set to the milestone: SSSD 1.15.4
- Issue status updated to: Closed (was: Open)

6 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.0 (was: SSSD 1.15.4)

6 years ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1499659

6 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4575

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.
