ALT-PU-2020-2499-1
Closed vulnerabilities
Published: 2023-01-24
BDU:2023-00526
Уязвимость пакета libsss_certmap сервиса управления доступом к удаленным каталогам и механизма аутентификации sssd, позволяющая нарушителю повысить свои привилегии
Severity: HIGH (8.8)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2023-02-01
Modified: 2025-03-27
Modified: 2025-03-27
CVE-2022-4254
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- https://access.redhat.com/security/cve/CVE-2022-4254
- https://access.redhat.com/security/cve/CVE-2022-4254
- https://bugzilla.redhat.com/show_bug.cgi?id=2149894
- https://bugzilla.redhat.com/show_bug.cgi?id=2149894
- https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274
- https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274
- https://github.com/SSSD/sssd/issues/5135
- https://github.com/SSSD/sssd/issues/5135
- [debian-lts-announce] 20230529 [SECURITY] [DLA 3436-1] sssd security update
- [debian-lts-announce] 20230529 [SECURITY] [DLA 3436-1] sssd security update