#3766 CVE-2018-10852: information leak from the sssd-sudo responder
Closed: Fixed 5 years ago Opened 5 years ago by jhrozek.

SSSD uses a UNIX pipe, typically located at /var/lib/sss/pipes/sudo for
communication between sudo and the sssd-sudo responder. When SSSD created
this pipe, the umask() call was set to be too permissive, which resulted
in the pipe being readable and writable. Then, if an attacker used the
same communication protocol that sudo uses to talk to SSSD, they could
obtain the list of sudo rules for any user who stores their sudo rules in
a remote directory.

While the sudo responder is not started by default by SSSD itself, utilities
like ipa-client-install configure the sudo responder to be started.

Metadata Update from @jhrozek:
- Issue assigned to jhrozek

5 years ago

Metadata Update from @jhrozek:
- Issue priority set to: blocker (was: minor)
- Issue set to the milestone: SSSD 1.16.3

5 years ago

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

5 years ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1595057

5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4772

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.