CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
53.3%
Issue Overview:
Unsanitized input when searching in local cache database
It was found that sssd’s sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. (CVE-2017-12173)
Affected Packages:
sssd
Issue Correction:
Run yum update sssd to update your system.
New Packages:
i686:
sssd-client-1.15.2-50.34.amzn1.i686
sssd-ldap-1.15.2-50.34.amzn1.i686
sssd-debuginfo-1.15.2-50.34.amzn1.i686
libsss_autofs-1.15.2-50.34.amzn1.i686
python27-libipa_hbac-1.15.2-50.34.amzn1.i686
sssd-tools-1.15.2-50.34.amzn1.i686
python27-sss-1.15.2-50.34.amzn1.i686
sssd-dbus-1.15.2-50.34.amzn1.i686
libsss_nss_idmap-devel-1.15.2-50.34.amzn1.i686
libsss_idmap-devel-1.15.2-50.34.amzn1.i686
libsss_idmap-1.15.2-50.34.amzn1.i686
sssd-ipa-1.15.2-50.34.amzn1.i686
libsss_simpleifp-1.15.2-50.34.amzn1.i686
python27-libsss_nss_idmap-1.15.2-50.34.amzn1.i686
sssd-common-1.15.2-50.34.amzn1.i686
sssd-libwbclient-1.15.2-50.34.amzn1.i686
sssd-winbind-idmap-1.15.2-50.34.amzn1.i686
libsss_certmap-1.15.2-50.34.amzn1.i686
libsss_nss_idmap-1.15.2-50.34.amzn1.i686
sssd-krb5-1.15.2-50.34.amzn1.i686
sssd-1.15.2-50.34.amzn1.i686
libsss_certmap-devel-1.15.2-50.34.amzn1.i686
python27-sss-murmur-1.15.2-50.34.amzn1.i686
libipa_hbac-1.15.2-50.34.amzn1.i686
libipa_hbac-devel-1.15.2-50.34.amzn1.i686
sssd-ad-1.15.2-50.34.amzn1.i686
sssd-krb5-common-1.15.2-50.34.amzn1.i686
sssd-libwbclient-devel-1.15.2-50.34.amzn1.i686
libsss_sudo-1.15.2-50.34.amzn1.i686
sssd-common-pac-1.15.2-50.34.amzn1.i686
sssd-proxy-1.15.2-50.34.amzn1.i686
libsss_simpleifp-devel-1.15.2-50.34.amzn1.i686
noarch:
python27-sssdconfig-1.15.2-50.34.amzn1.noarch
src:
sssd-1.15.2-50.34.amzn1.src
x86_64:
sssd-krb5-1.15.2-50.34.amzn1.x86_64
sssd-proxy-1.15.2-50.34.amzn1.x86_64
libsss_simpleifp-devel-1.15.2-50.34.amzn1.x86_64
sssd-krb5-common-1.15.2-50.34.amzn1.x86_64
libsss_idmap-devel-1.15.2-50.34.amzn1.x86_64
libsss_autofs-1.15.2-50.34.amzn1.x86_64
sssd-common-pac-1.15.2-50.34.amzn1.x86_64
libsss_nss_idmap-devel-1.15.2-50.34.amzn1.x86_64
sssd-debuginfo-1.15.2-50.34.amzn1.x86_64
python27-libipa_hbac-1.15.2-50.34.amzn1.x86_64
sssd-ad-1.15.2-50.34.amzn1.x86_64
sssd-common-1.15.2-50.34.amzn1.x86_64
python27-sss-murmur-1.15.2-50.34.amzn1.x86_64
sssd-winbind-idmap-1.15.2-50.34.amzn1.x86_64
sssd-1.15.2-50.34.amzn1.x86_64
python27-sss-1.15.2-50.34.amzn1.x86_64
sssd-libwbclient-1.15.2-50.34.amzn1.x86_64
sssd-dbus-1.15.2-50.34.amzn1.x86_64
libsss_certmap-1.15.2-50.34.amzn1.x86_64
libsss_nss_idmap-1.15.2-50.34.amzn1.x86_64
libipa_hbac-devel-1.15.2-50.34.amzn1.x86_64
libsss_certmap-devel-1.15.2-50.34.amzn1.x86_64
libsss_sudo-1.15.2-50.34.amzn1.x86_64
sssd-libwbclient-devel-1.15.2-50.34.amzn1.x86_64
python27-libsss_nss_idmap-1.15.2-50.34.amzn1.x86_64
libipa_hbac-1.15.2-50.34.amzn1.x86_64
libsss_simpleifp-1.15.2-50.34.amzn1.x86_64
sssd-ipa-1.15.2-50.34.amzn1.x86_64
sssd-client-1.15.2-50.34.amzn1.x86_64
sssd-ldap-1.15.2-50.34.amzn1.x86_64
libsss_idmap-1.15.2-50.34.amzn1.x86_64
sssd-tools-1.15.2-50.34.amzn1.x86_64
Red Hat: CVE-2017-12173
Mitre: CVE-2017-12173
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | sssd-client | < 1.15.2-50.34.amzn1 | sssd-client-1.15.2-50.34.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | sssd-ldap | < 1.15.2-50.34.amzn1 | sssd-ldap-1.15.2-50.34.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | sssd-debuginfo | < 1.15.2-50.34.amzn1 | sssd-debuginfo-1.15.2-50.34.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libsss_autofs | < 1.15.2-50.34.amzn1 | libsss_autofs-1.15.2-50.34.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | python27-libipa_hbac | < 1.15.2-50.34.amzn1 | python27-libipa_hbac-1.15.2-50.34.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | sssd-tools | < 1.15.2-50.34.amzn1 | sssd-tools-1.15.2-50.34.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | python27-sss | < 1.15.2-50.34.amzn1 | python27-sss-1.15.2-50.34.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | sssd-dbus | < 1.15.2-50.34.amzn1 | sssd-dbus-1.15.2-50.34.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libsss_nss_idmap-devel | < 1.15.2-50.34.amzn1 | libsss_nss_idmap-devel-1.15.2-50.34.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libsss_idmap-devel | < 1.15.2-50.34.amzn1 | libsss_idmap-devel-1.15.2-50.34.amzn1.i686.rpm |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
53.3%