URL: https://github.com/SSSD/sssd/pull/5749
Author: alexey-tikhonov
Title: #5749: 1.16: TOOLS: replace system() with execvp()
Action: opened

PR body:
"""
to avoid execution of user supplied command
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
:fixes: CVE-2021-3621
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5749/head:pr5749
git checkout pr5749
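
The difference between the two calls named in the PR title, as an added example that is not code from this PR or from SSSD: `system()` hands a string to `/bin/sh` for parsing, while `execvp()` passes each argument to the program verbatim. The function names and the sample argument are constructed for illustration, and `true` is assumed to be on `PATH`.

```c
/* Added illustration; function names are hypothetical, not SSSD code. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* "Before" pattern: the argument is pasted into a string that /bin/sh parses. */
int run_with_shell(const char *arg)
{
    char cmd[256];
    int n = snprintf(cmd, sizeof(cmd), "true %s", arg);
    if (n < 0 || (size_t)n >= sizeof(cmd)) return -1;   /* refuse truncation */
    int st = system(cmd);
    return (st != -1 && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}

/* "After" pattern: no shell; every argv element reaches the program verbatim. */
int run_no_shell(char *const argv[])
{
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                       /* only reached if exec failed */
    }
    while (waitpid(pid, &st, 0) < 0)
        if (errno != EINTR) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

/* Constructed input: a value containing the shell metacharacter ';'. */
static char SAMPLE_ARG[] = "x; exit 7";

int demo_shell(void) { return run_with_shell(SAMPLE_ARG); }

int demo_exec(void)
{
    char prog[] = "true";
    char *argv[] = { prog, SAMPLE_ARG, NULL };
    return run_no_shell(argv);
}

int main(void)
{
    printf("system(): %d, execvp(): %d\n", demo_shell(), demo_exec());
    return 0;
}
```

With `system()` the shell treats the text after `;` as a second command, so the exit status comes from that command; with `execvp()` the same bytes are a single literal argument to `true`.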