Red Hat Security Advisory 2018-1877-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. The ding-libs packages contain a set of libraries used by the System Security Services Daemon as well as other projects, and provide functions to manipulate file system path names, a hash table to manage storage and access time properties, a data type to collect data in a hierarchical structure, a dynamically growing, reference-counted array, and a library to process configuration files in initialization format into a library collection data structure. Issues addressed include an unsanitized input vulnerability.
c71225130bd3ab1c0a26635e211bffd670b8726cc8a92cc1f60dca7d398961cb
Ubuntu Security Notice 3526-1 - It was discovered that SSSD incorrectly handled certain inputs when querying its local cache. An attacker could use this to inject arbitrary code and expose sensitive information.
b7922c4a9c676f88b0fe0cc2f64efa4fa7aa679e609d7ddd641dc4c26ac2454a
Red Hat Security Advisory 2017-3379-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix: It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.
dea99acda0368239d3aafad33e3fc3ca13f9ec7dc4fe436b72b967535a811c17