exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2021-3621

Status Candidate

Overview

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Related Files

Gentoo Linux Security Advisory 202208-09
Posted Aug 10, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-9 - Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service. Versions less than 1.9.17 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-25201, CVE-2020-25864, CVE-2020-28053, CVE-2021-28156, CVE-2021-32574, CVE-2021-36213, CVE-2021-38698, CVE-2022-24687, CVE-2022-29153
SHA-256 | bd7d7988fa234190975e9fd8fcaaf69efde7aa9b404976582474894dfe9fee0e
Red Hat Security Advisory 2021-3477-01
Posted Sep 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3477-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include code execution, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-22555, CVE-2021-31535, CVE-2021-32399, CVE-2021-3621, CVE-2021-3715
SHA-256 | 7dba6acf5672fd4d58b17b842295a37b3063e17a6e0780b04cab5d26aa25cbaf
Ubuntu Security Notice USN-5067-1
Posted Sep 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5067-1 - Jakub Hrozek discovered that SSSD incorrectly handled file permissions. A local attacker could possibly use this issue to read the sudo rules available for any user. This issue only affected Ubuntu 18.04 LTS. It was discovered that SSSD incorrectly handled Group Policy Objects. When SSSD is configured with too strict permissions causing the GPO to not be readable, SSSD will allow all authenticated users to login instead of being denied, contrary to expectations. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-10852, CVE-2018-16838, CVE-2019-3811, CVE-2021-3621
SHA-256 | 57bb124cbecf36bdb8d4f0c37b6abc7cd806b1d2b852b746eea1be28e8aa2a43
Red Hat Security Advisory 2021-3365-01
Posted Aug 31, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3365-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Issues addressed include a code execution vulnerability.

tags | advisory, remote, code execution
systems | linux, redhat
advisories | CVE-2021-3621
SHA-256 | 78001f6c9639c547e5c02f6d2d0eb6af89b0679a44464bb574d3fe49f62bc0e8
Red Hat Security Advisory 2021-3336-01
Posted Aug 31, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3336-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Issues addressed include code execution and memory leak vulnerabilities.

tags | advisory, remote, vulnerability, code execution, memory leak
systems | linux, redhat
advisories | CVE-2021-3621
SHA-256 | 54f66e5359a57b171b3e4c726f136964af55a259d8f94333f614c48ca9cc2955
Red Hat Security Advisory 2021-3235-01
Posted Aug 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3235-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, bypass, code execution, out of bounds write, and privilege escalation vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-22543, CVE-2021-22555, CVE-2021-3609, CVE-2021-3621
SHA-256 | f286c4f6d85e2f33403a2dacd758e8f35f083b2b3b3b066fb546a1d7034c2479
Red Hat Security Advisory 2021-3178-01
Posted Aug 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3178-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Issues addressed include a code execution vulnerability.

tags | advisory, remote, code execution
systems | linux, redhat
advisories | CVE-2021-3621
SHA-256 | daec0a33b20477a01639cbec7dbca8fb73275d91a7620baa7d9df982d7e215cb
Red Hat Security Advisory 2021-3151-01
Posted Aug 16, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3151-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Issues addressed include a code execution vulnerability.

tags | advisory, remote, code execution
systems | linux, redhat
advisories | CVE-2021-3621
SHA-256 | 59fac3df38bab47ae3d641568c60c05d7a82e587dd845dad301a0ba907d69c5f
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close