From ${URL} : SSSD stores its cached data in an LDAP like local database file using libldb. To lookup cached data LDAP search filters like '(objectClass=user)(name=user_name)' are used. However, in sysdb_search_user_by_upn_res(), the input is not sanitized and allows to manipulate the search filter for cache lookups. This would allow a logged in user to discover the password hash of a different user. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Upstream patch: https://pagure.io/SSSD/sssd/c/1f2662c8f97c9c0fa250055d4b6750abfc6d0835?branch=master Included in sssd-1_16_2 sssd-1_16_1 sssd-1_16_0 release.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83537e5d00b6c72da846c7f75f30cabd303677e6 commit 83537e5d00b6c72da846c7f75f30cabd303677e6 Author: Mikle Kolyada <zlogene@gentoo.org> AuthorDate: 2018-10-05 13:02:56 +0000 Commit: Mikle Kolyada <zlogene@gentoo.org> CommitDate: 2018-10-05 13:02:56 +0000 sys-auth/sssd: mark stable Bug: https://bugs.gentoo.org/633820 Bug: https://bugs.gentoo.org/662890 Signed-off-by: Mikle Kolyada <zlogene@gentoo.org> Package-Manager: Portage-2.3.49, Repoman-2.3.11 sys-auth/sssd/sssd-1.16.3.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Fixed.
