VYPR

rpm package

opensuse/sssd&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/sssd&distro=openSUSE%20Tumbleweed

Vulnerabilities (13)

  • CVE-2026-6245MedApr 15, 2026
    affected < 2.13.0-1.1fixed 2.13.0-1.1

    A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit terminati

  • CVE-2025-11561HigOct 9, 2025
    affected < 2.11.1-2.1fixed 2.11.1-2.1

    A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. Th

  • CVE-2021-3621Dec 23, 2021
    affected < 2.9.3-2.1fixed 2.9.3-2.1

    A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access

  • CVE-2018-16838Mar 25, 2019
    affected < 2.9.3-2.1fixed 2.9.3-2.1

    A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.

  • CVE-2019-3811Jan 15, 2019
    affected < 2.9.3-2.1fixed 2.9.3-2.1

    A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home dire

  • CVE-2017-12173MedJul 27, 2018
    affected < 2.5.2-1.4fixed 2.5.2-1.4

    It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated att

  • CVE-2018-10852LowJun 26, 2018
    affected < 2.5.2-1.4fixed 2.5.2-1.4

    The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versi

  • CVE-2014-0249Jun 11, 2014
    affected < 1.14.2-3.1fixed 1.14.2-3.1

    The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.

  • CVE-2013-0287Mar 21, 2013
    affected < 1.14.2-3.1fixed 1.14.2-3.1

    The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.

  • CVE-2013-0220Feb 24, 2013
    affected < 1.14.2-3.1fixed 1.14.2-3.1

    The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to caus

  • CVE-2013-0219Feb 24, 2013
    affected < 1.14.2-3.1fixed 1.14.2-3.1

    System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.

  • CVE-2011-1758May 26, 2011
    affected < 1.14.2-3.1fixed 1.14.2-3.1

    The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerbero

  • CVE-2010-4341Jan 25, 2011
    affected < 1.14.2-3.1fixed 1.14.2-3.1

    The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.