CVE-2018-10852 (https://nvd.nist.gov/vuln/detail/CVE-2018-10852): The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.
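A defender-side check for the condition described above, as an added example that is not part of this bug report or of SSSD's own code: it flags the sudo responder pipe when its mode grants any access to group or other, and compares an installed version string against 1.16.3. The pipe path `/var/lib/sss/pipes/sudo` and all function names are assumptions not stated on this page; it relies on GNU `stat -c` and `sort -V`.

```shell
#!/bin/sh
# Added example: audit the SSSD sudo responder pipe (CVE-2018-10852).
# Assumption: default pipe location; override with SUDO_PIPE if yours differs.
SUDO_PIPE="${SUDO_PIPE:-/var/lib/sss/pipes/sudo}"
FIXED_VERSION="1.16.3"   # first fixed release, per the advisory text

# pipe_mode_exposed MODE
# Succeeds if the octal MODE gives group or other any permission bit.
pipe_mode_exposed() {
    mode=$1
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# version_is_fixed VERSION
# Succeeds if VERSION sorts at or after FIXED_VERSION.
version_is_fixed() {
    lowest=$(printf '%s\n' "$FIXED_VERSION" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VERSION" ]
}

# audit_pipe PATH
# Returns 0 = restricted, 1 = reachable by non-owners, 2 = not present.
audit_pipe() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "absent: $path (responder not running, or a different path)"
        return 2
    fi
    mode=$(stat -c '%a' "$path") || return 2
    owner=$(stat -c '%U' "$path")
    if pipe_mode_exposed "$mode"; then
        echo "EXPOSED: $path mode=$mode owner=$owner"
        return 1
    fi
    echo "ok: $path mode=$mode owner=$owner"
    return 0
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_pipe "$SUDO_PIPE"
fi
```
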
Fixed in 1.16.3.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83537e5d00b6c72da846c7f75f30cabd303677e6

commit 83537e5d00b6c72da846c7f75f30cabd303677e6
Author:     Mikle Kolyada <zlogene@gentoo.org>
AuthorDate: 2018-10-05 13:02:56 +0000
Commit:     Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2018-10-05 13:02:56 +0000

    sys-auth/sssd: mark stable

    Bug: https://bugs.gentoo.org/633820
    Bug: https://bugs.gentoo.org/662890
    Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
    Package-Manager: Portage-2.3.49, Repoman-2.3.11

 sys-auth/sssd/sssd-1.16.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Fixed.