URL: https://github.com/SSSD/sssd/pull/5749 Author: alexey-tikhonov Title: #5749: 1.16: TOOLS: replace system() with execvp() Action: opened
PR body: """ to avoid execution of user supplied command
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
:fixes: CVE-2021-3621 """
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5749/head:pr5749
git checkout pr5749
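The pattern named in the PR title, as an added example (not code from SSSD or from this PR): the same existence check built once as a command line for system() and once as an argument vector for fork() plus execvp(). The function names, the use of `test -e` and the sample path are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Before (hypothetical helper): the path is pasted into text that /bin/sh parses. */
static int exists_via_system(const char *path)
{
    char cmd[512];
    int n = snprintf(cmd, sizeof(cmd), "test -e %s", path);
    if (n < 0 || (size_t)n >= sizeof(cmd)) return -1;
    int st = system(cmd);
    return (st != -1 && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}

/* After (hypothetical helper): argv reaches the program verbatim, no shell involved. */
static int run_argv(char *const argv[])
{
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                      /* reached only if exec failed */
    }
    while (waitpid(pid, &st, 0) < 0)
        if (errno != EINTR) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

static int exists_via_execvp(const char *path)
{
    char *const argv[] = { "test", "-e", (char *)path, NULL };
    return run_argv(argv);
}

int main(void)
{
    /* Constructed input: the ';' is a command separator only to a shell. */
    const char *input = "/nonexistent-constructed-path; true";
    printf("system(): %d\n", exists_via_system(input)); /* status of the trailing 'true' */
    printf("execvp(): %d\n", exists_via_execvp(input)); /* whole string is one file name */
    return 0;
}
```

execvp() still resolves argv[0] through PATH, so a tool that runs as root may prefer execv() with an absolute path. An argument that begins with `-` can still be read as an option by the child program.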
URL: https://github.com/SSSD/sssd/pull/5749 Title: #5749: 1.16: TOOLS: replace system() with execvp()
Label: +Waiting for review
URL: https://github.com/SSSD/sssd/pull/5749 Author: alexey-tikhonov Title: #5749: 1.16: TOOLS: replace system() with execvp() Action: synchronized
URL: https://github.com/SSSD/sssd/pull/5749 Title: #5749: 1.16: TOOLS: replace system() with execvp()
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/5749 Title: #5749: 1.16: TOOLS: replace system() with execvp()
Label: -Waiting for review
URL: https://github.com/SSSD/sssd/pull/5749 Title: #5749: 1.16: TOOLS: replace system() with execvp()
Label: +Ready to push
URL: https://github.com/SSSD/sssd/pull/5749 Title: #5749: 1.16: TOOLS: replace system() with execvp()
pbrezina commented: """
Pushed PR: https://github.com/SSSD/sssd/pull/5749

* `sssd-1-16`
    * b4b32677a886bc26d60ce0171505aa3ab0c82c8a - TOOLS: replace system() with execvp() to avoid execution of user supplied command
"""
See the full comment at https://github.com/SSSD/sssd/pull/5749#issuecomment-899562621
URL: https://github.com/SSSD/sssd/pull/5749 Title: #5749: 1.16: TOOLS: replace system() with execvp()
Label: +Pushed
URL: https://github.com/SSSD/sssd/pull/5749 Title: #5749: 1.16: TOOLS: replace system() with execvp()
Label: -Accepted
URL: https://github.com/SSSD/sssd/pull/5749 Title: #5749: 1.16: TOOLS: replace system() with execvp()
Label: -Ready to push
URL: https://github.com/SSSD/sssd/pull/5749 Author: alexey-tikhonov Title: #5749: 1.16: TOOLS: replace system() with execvp() Action: closed
sssd-devel@lists.fedorahosted.org