A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows a malicious user to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.
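The defect class described above, shown as an added example that is not SSSD's code: a privileged tool that pastes a subcommand argument into a shell command line, next to the form that passes the same argument as a single argv element with no shell involved. The function names are hypothetical, `true` stands in for the helper program, and the constructed argument is harmless (it only changes the exit status).

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Constructed hostile argument: harmless, it only changes the exit status. */
static const char *HOSTILE_ARG = "x; exit 7";

/* Vulnerable pattern: the argument is pasted into a string that /bin/sh parses. */
int run_via_shell(const char *tool, const char *arg)
{
    char cmd[256];
    int n = snprintf(cmd, sizeof(cmd), "%s %s", tool, arg);
    if (n < 0 || (size_t)n >= sizeof(cmd))
        return -1;                       /* refuse truncated commands */
    int status = system(cmd);            /* runs: sh -c "<tool> <arg>" */
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* Hardened pattern: no shell; each argv element reaches the tool verbatim. */
int run_via_argv(const char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127);                      /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *const argv[] = { "true", HOSTILE_ARG, NULL };
    /* Shell form: the ';' splits the line, so the shell's own exit code wins. */
    printf("shell: %d\n", run_via_shell("true", HOSTILE_ARG));
    /* argv form: the whole string is one inert argument to `true`. */
    printf("argv:  %d\n", run_via_argv(argv));
    return 0;
}
```

When auditing a root-run CLI for this class of bug, look for `system()` or `popen()` calls whose command string is built from command-line arguments.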
Vulnerable Product |
---|
fedoraproject sssd 2.6.0 |
redhat enterprise linux 7.0 |
redhat enterprise linux 6.0 |
redhat virtualization host 4.0 |
redhat virtualization 4.0 |
redhat enterprise linux 8.0 |
redhat enterprise linux eus 8.1 |
redhat enterprise linux eus 8.2 |
redhat enterprise linux server tus 8.2 |
redhat enterprise linux server aus 8.2 |
redhat enterprise linux server tus 8.4 |
redhat enterprise linux server aus 8.4 |
fedoraproject fedora 34 |