SSSD
Products
1- 16 CVEs
Recent CVEs
16| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-11561 | Hig | 0.57 | 8.8 | 0.01 | Oct 9, 2025 | A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible.… | ||
| CVE-2026-12610 | mod | 0.42 | 6.4 | — | Jun 9, 2026 | sssd: Use-after-free crash in SSSD' 'sssd_pam' process | ||
| CVE-2026-6245 | Med | 0.36 | 5.5 | 0.00 | Apr 15, 2026 | A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit… | ||
| CVE-2017-12173 | Med | 0.28 | 4.3 | 0.01 | Jul 27, 2018 | It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated… | ||
| CVE-2023-3758 | 0.00 | — | 0.01 | Apr 18, 2024 | A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. | |||
| CVE-2022-4254 | 0.00 | — | 0.01 | Feb 1, 2023 | sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters | |||
| CVE-2021-3621 | 0.00 | — | 0.03 | Dec 23, 2021 | A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root… | |||
| CVE-2012-3462 | 0.00 | — | 0.02 | Dec 26, 2019 | A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context. | |||
| CVE-2019-3811 | 0.00 | — | 0.01 | Jan 15, 2019 | A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home… | |||
| CVE-2018-16883 | 0.00 | — | 0.00 | Dec 19, 2018 | sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers. | |||
| CVE-2015-5292 | 0.00 | — | 0.04 | Oct 29, 2015 | Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that… | |||
| CVE-2014-0249 | 0.00 | — | 0.00 | Jun 11, 2014 | The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors. | |||
| CVE-2013-0219 | 0.00 | — | 0.00 | Feb 24, 2013 | System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files. | |||
| CVE-2011-1758 | 0.00 | — | 0.00 | May 26, 2011 | The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass… | |||
| CVE-2010-4341 | 0.00 | — | 0.00 | Jan 25, 2011 | The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet. | |||
| CVE-2009-2410 | 0.00 | — | 0.02 | Jul 30, 2009 | The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the account's username, in conjunction with… |
- risk 0.57cvss 8.8epss 0.01
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible.…
- risk 0.42cvss 6.4epss —
sssd: Use-after-free crash in SSSD' 'sssd_pam' process
- risk 0.36cvss 5.5epss 0.00
A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit…
- risk 0.28cvss 4.3epss 0.01
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated…
- CVE-2023-3758Apr 18, 2024risk 0.00cvss —epss 0.01
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
- CVE-2022-4254Feb 1, 2023risk 0.00cvss —epss 0.01
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
- CVE-2021-3621Dec 23, 2021risk 0.00cvss —epss 0.03
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root…
- CVE-2012-3462Dec 26, 2019risk 0.00cvss —epss 0.02
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.
- CVE-2019-3811Jan 15, 2019risk 0.00cvss —epss 0.01
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home…
- CVE-2018-16883Dec 19, 2018risk 0.00cvss —epss 0.00
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
- CVE-2015-5292Oct 29, 2015risk 0.00cvss —epss 0.04
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that…
- CVE-2014-0249Jun 11, 2014risk 0.00cvss —epss 0.00
The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.
- CVE-2013-0219Feb 24, 2013risk 0.00cvss —epss 0.00
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.
- CVE-2011-1758May 26, 2011risk 0.00cvss —epss 0.00
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass…
- CVE-2010-4341Jan 25, 2011risk 0.00cvss —epss 0.00
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.
- CVE-2009-2410Jul 30, 2009risk 0.00cvss —epss 0.02
The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the account's username, in conjunction with…