exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2021-3621

Status Candidate

Overview

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Related Files

Gentoo Linux Security Advisory 202208-09
Posted Aug 10, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-9 - Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service. Versions less than 1.9.17 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-25201, CVE-2020-25864, CVE-2020-28053, CVE-2021-28156, CVE-2021-32574, CVE-2021-36213, CVE-2021-38698, CVE-2022-24687, CVE-2022-29153
SHA-256 | bd7d7988fa234190975e9fd8fcaaf69efde7aa9b404976582474894dfe9fee0e
Red Hat Security Advisory 2021-3477-01
Posted Sep 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3477-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include code execution, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-22555, CVE-2021-31535, CVE-2021-32399, CVE-2021-3621, CVE-2021-3715
SHA-256 | 7dba6acf5672fd4d58b17b842295a37b3063e17a6e0780b04cab5d26aa25cbaf
Ubuntu Security Notice USN-5067-1
Posted Sep 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5067-1 - Jakub Hrozek discovered that SSSD incorrectly handled file permissions. A local attacker could possibly use this issue to read the sudo rules available for any user. This issue only affected Ubuntu 18.04 LTS. It was discovered that SSSD incorrectly handled Group Policy Objects. When SSSD is configured with too strict permissions causing the GPO to not be readable, SSSD will allow all authenticated users to login instead of being denied, contrary to expectations. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-10852, CVE-2018-16838, CVE-2019-3811, CVE-2021-3621
SHA-256 | 57bb124cbecf36bdb8d4f0c37b6abc7cd806b1d2b852b746eea1be28e8aa2a43
Red Hat Security Advisory 2021-3365-01
Posted Aug 31, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3365-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Issues addressed include a code execution vulnerability.

tags | advisory, remote, code execution
systems | linux, redhat
advisories | CVE-2021-3621
SHA-256 | 78001f6c9639c547e5c02f6d2d0eb6af89b0679a44464bb574d3fe49f62bc0e8
Red Hat Security Advisory 2021-3336-01
Posted Aug 31, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3336-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Issues addressed include code execution and memory leak vulnerabilities.

tags | advisory, remote, vulnerability, code execution, memory leak
systems | linux, redhat
advisories | CVE-2021-3621
SHA-256 | 54f66e5359a57b171b3e4c726f136964af55a259d8f94333f614c48ca9cc2955
Red Hat Security Advisory 2021-3235-01
Posted Aug 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3235-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, bypass, code execution, out of bounds write, and privilege escalation vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-22543, CVE-2021-22555, CVE-2021-3609, CVE-2021-3621
SHA-256 | f286c4f6d85e2f33403a2dacd758e8f35f083b2b3b3b066fb546a1d7034c2479
Red Hat Security Advisory 2021-3178-01
Posted Aug 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3178-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Issues addressed include a code execution vulnerability.

tags | advisory, remote, code execution
systems | linux, redhat
advisories | CVE-2021-3621
SHA-256 | daec0a33b20477a01639cbec7dbca8fb73275d91a7620baa7d9df982d7e215cb
Red Hat Security Advisory 2021-3151-01
Posted Aug 16, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3151-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Issues addressed include a code execution vulnerability.

tags | advisory, remote, code execution
systems | linux, redhat
advisories | CVE-2021-3621
SHA-256 | 59fac3df38bab47ae3d641568c60c05d7a82e587dd845dad301a0ba907d69c5f
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close