Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 633820 (CVE-2017-12173) - sys-auth/sssd: unsanitized input when searching in local cache database (CVE-2017-12173)
Summary: sys-auth/sssd: unsanitized input when searching in local cache database (CVE-...
Status: RESOLVED FIXED
Alias: CVE-2017-12173
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-09 09:03 UTC by Agostino Sarubbo
Modified: 2018-10-05 13:06 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-10-09 09:03:45 UTC
From ${URL} :

SSSD stores its cached data in an LDAP like local database file using libldb. To lookup cached data LDAP search filters like '(objectClass=user)(name=user_name)' are used. However, in 
sysdb_search_user_by_upn_res(), the input is not sanitized and allows to manipulate the search filter for cache lookups.

This would allow a logged in user to discover the password hash of a different user.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Thomas Deutschmann gentoo-dev Security 2018-08-05 23:03:39 UTC
Upstream patch:
https://pagure.io/SSSD/sssd/c/1f2662c8f97c9c0fa250055d4b6750abfc6d0835?branch=master

Included in sssd-1_16_2 sssd-1_16_1 sssd-1_16_0 release.
Comment 2 Larry the Git Cow gentoo-dev 2018-10-05 13:03:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83537e5d00b6c72da846c7f75f30cabd303677e6

commit 83537e5d00b6c72da846c7f75f30cabd303677e6
Author:     Mikle Kolyada <zlogene@gentoo.org>
AuthorDate: 2018-10-05 13:02:56 +0000
Commit:     Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2018-10-05 13:02:56 +0000

    sys-auth/sssd: mark stable
    
    Bug: https://bugs.gentoo.org/633820
    Bug: https://bugs.gentoo.org/662890
    Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
    Package-Manager: Portage-2.3.49, Repoman-2.3.11

 sys-auth/sssd/sssd-1.16.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-10-05 13:06:38 UTC
Fixed.