SSSD uses a UNIX pipe, typically located at /var/lib/sss/pipes/sudo, for communication between sudo and the sssd-sudo responder. When SSSD created this pipe, the umask() it applied was too permissive, which left the pipe readable and writable by any local user. An attacker who spoke the same protocol that sudo uses to talk to SSSD could then obtain the list of sudo rules for any user whose sudo rules are stored in a remote directory.
The sudo responder is not started by default by SSSD itself, but utilities such as ipa-client-install configure it to be started.
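The following is an added example, not SSSD's own code, showing the mechanism behind the report: on Linux the node that bind() creates for a UNIX-domain socket gets mode 0777 & ~umask, so the umask in force at bind() time decides who can connect. The hypothetical helper takes the umask as a parameter so the permissive and the fixed case can be compared, and a second function is the audit check an administrator can run against the real path from the report.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* 1 if the node at path grants any permission to group or other, 0 if it
 * is private to its owner, -1 if it cannot be stat()ed. */
int endpoint_is_too_permissive(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) != 0;
}

/* Bind a listening UNIX-domain socket at path with mask as the umask
 * around bind(). Linux creates the node as 0777 & ~umask, so mask 0
 * reproduces the bug (world-accessible) and 0177 yields owner-only 0600.
 * Restores the caller's umask. Returns the fd or -1. Hypothetical helper. */
int create_socket_with_umask(const char *path, mode_t mask)
{
    struct sockaddr_un addr;
    mode_t old;
    int fd;

    if (strlen(path) >= sizeof(addr.sun_path))
        return -1;
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    unlink(path);                     /* drop a stale node from an earlier run */

    old = umask(mask);
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0 ||
        listen(fd, 8) != 0) {
        umask(old);
        close(fd);
        unlink(path);
        return -1;
    }
    umask(old);
    return fd;
}
```

On a host where ipa-client-install has enabled the sudo responder, calling endpoint_is_too_permissive("/var/lib/sss/pipes/sudo") returning 0 confirms the fixed behaviour; 1 means the pipe is still reachable by other local users.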
Metadata Update from @jhrozek:
- Issue assigned to jhrozek

Metadata Update from @jhrozek:
- Issue priority set to: blocker (was: minor)
- Issue set to the milestone: SSSD 1.16.3

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1595057
Issue linked to Bugzilla: Bug 1595057