Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-3621

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Related bugs and status

CVE-2021-3621 (Candidate) is related to these bugs:

Bug #1946904: Merge sssd from Debian unstable for 22.04

Summary				In	Importance	Status
	1946904	Merge sssd from Debian unstable for 22.04		sssd (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
MISC: https://sssd.io/releas...
MLIST: [debian-lts-announce] ...