The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 8.0 | |
sssd | lt | 1.16.3 | |
enterprise_linux_desktop | eq | 7.0 | |
enterprise_linux_server | eq | 7.0 | |
enterprise_linux_workstation | eq | 7.0 |