Permission Flaw in SSSD for Reading Sudo Rules
CVE-2018-10852

3.8 LOW

Key Information:

Vendor: [unknown]

CVE Published: 26 June 2018

What is CVE-2018-10852?

A vulnerability exists in SSSD: the UNIX pipe that sudo uses to access SSSD has overly permissive permissions. An attacker who can speak the same protocol over that pipe can read the sudo rules of any user, exposing sensitive information about how privileges are granted on the system. All versions of SSSD prior to 1.16.3 are affected. Updating SSSD and checking its configuration are recommended to mitigate this exposure.

Affected Version(s)

sssd SSSD 1.16.3

CVSS V3.1

Score: 3.8
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

CVSS V3.0

Score: 3.8
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
