#3766 CVE-2018-10852: information leak from the sssd-sudo responder
Closed: Fixed 9 months ago Opened 9 months ago by jhrozek.

SSSD uses a UNIX pipe, typically located at /var/lib/sss/pipes/sudo for
communication between sudo and the sssd-sudo responder. When SSSD created
this pipe, the umask() call was set to be too permissive, which resulted
in the pipe being readable and writable. Then, if an attacker used the
same communication protocol that sudo uses to talk to SSSD, they could
obtain the list of sudo rules for any user who stores their sudo rules in
a remote directory.

While the sudo responder is not started by default by SSSD itself, utilities
like ipa-client-install configure the sudo responder to be started.


Metadata Update from @jhrozek:
- Issue assigned to jhrozek

9 months ago

Metadata Update from @jhrozek:
- Issue priority set to: blocker (was: minor)
- Issue set to the milestone: SSSD 1.16.3

9 months ago

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

9 months ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1595057

9 months ago

Login to comment on this ticket.

Metadata