rpm package
opensuse/sssd&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/sssd&distro=openSUSE%20Tumbleweed
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-6245 | Med | 5.5 | < 2.13.0-1.1 | 2.13.0-1.1 | Apr 15, 2026 | A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit terminati | |
| CVE-2025-11561 | Hig | 8.8 | < 2.11.1-2.1 | 2.11.1-2.1 | Oct 9, 2025 | A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. Th | |
| CVE-2021-3621 | — | < 2.9.3-2.1 | 2.9.3-2.1 | Dec 23, 2021 | A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access | ||
| CVE-2018-16838 | — | < 2.9.3-2.1 | 2.9.3-2.1 | Mar 25, 2019 | A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. | ||
| CVE-2019-3811 | — | < 2.9.3-2.1 | 2.9.3-2.1 | Jan 15, 2019 | A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home dire | ||
| CVE-2017-12173 | Med | 4.3 | < 2.5.2-1.4 | 2.5.2-1.4 | Jul 27, 2018 | It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated att | |
| CVE-2018-10852 | Low | 3.8 | < 2.5.2-1.4 | 2.5.2-1.4 | Jun 26, 2018 | The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versi | |
| CVE-2014-0249 | — | < 1.14.2-3.1 | 1.14.2-3.1 | Jun 11, 2014 | The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors. | ||
| CVE-2013-0287 | — | < 1.14.2-3.1 | 1.14.2-3.1 | Mar 21, 2013 | The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions. | ||
| CVE-2013-0220 | — | < 1.14.2-3.1 | 1.14.2-3.1 | Feb 24, 2013 | The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to caus | ||
| CVE-2013-0219 | — | < 1.14.2-3.1 | 1.14.2-3.1 | Feb 24, 2013 | System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files. | ||
| CVE-2011-1758 | — | < 1.14.2-3.1 | 1.14.2-3.1 | May 26, 2011 | The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerbero | ||
| CVE-2010-4341 | — | < 1.14.2-3.1 | 1.14.2-3.1 | Jan 25, 2011 | The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet. |
- affected < 2.13.0-1.1fixed 2.13.0-1.1
A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit terminati
- affected < 2.11.1-2.1fixed 2.11.1-2.1
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. Th
- CVE-2021-3621Dec 23, 2021affected < 2.9.3-2.1fixed 2.9.3-2.1
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access
- CVE-2018-16838Mar 25, 2019affected < 2.9.3-2.1fixed 2.9.3-2.1
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
- CVE-2019-3811Jan 15, 2019affected < 2.9.3-2.1fixed 2.9.3-2.1
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home dire
- affected < 2.5.2-1.4fixed 2.5.2-1.4
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated att
- affected < 2.5.2-1.4fixed 2.5.2-1.4
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versi
- CVE-2014-0249Jun 11, 2014affected < 1.14.2-3.1fixed 1.14.2-3.1
The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.
- CVE-2013-0287Mar 21, 2013affected < 1.14.2-3.1fixed 1.14.2-3.1
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.
- CVE-2013-0220Feb 24, 2013affected < 1.14.2-3.1fixed 1.14.2-3.1
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to caus
- CVE-2013-0219Feb 24, 2013affected < 1.14.2-3.1fixed 1.14.2-3.1
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.
- CVE-2011-1758May 26, 2011affected < 1.14.2-3.1fixed 1.14.2-3.1
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerbero
- CVE-2010-4341Jan 25, 2011affected < 1.14.2-3.1fixed 1.14.2-3.1
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.