[Bug 1975142] CVE-2021-3621 sssd: shell command injection in sssctl - Sssd-maintainers - Fedora mailing-lists

23 Dec 2021


      https://bugzilla.redhat.com/show_bug.cgi?id=1975142
Pedro Sampaio psampaio@redhat.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
            Comment|0                           |updated
--- Comment #0 has been edited ---
`sssctl_run_command()` is a wrapper for running commands via a shell, using
glibc's `system()` function call.
`sssctl_cache_expire()` and `sssctl_logs_fetch()` allow user provided
arguments, and pass them to `sssctl_run_command()`
sssctl is limited to root user, however, if an administrator allows
unprivileged users to provide arguments to the command (e.g.: via sudo), this
could be used to elevate privileges via a shell injection.
Although there are no known default configuration where this flaw could be
exploited, the admin could have manually created sudo rules to let regular
users use sssctl commands, or could be tricked into running a specially crafted
sssctl command.
References:
https://sssd.io/release-notes/sssd-2.6.0.html
-- 
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1975142