Description
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Solution(s)
huawei-euleros-2_0_sp8-upgrade-libipa_hbachuawei-euleros-2_0_sp8-upgrade-libsss_autofshuawei-euleros-2_0_sp8-upgrade-libsss_certmaphuawei-euleros-2_0_sp8-upgrade-libsss_idmaphuawei-euleros-2_0_sp8-upgrade-libsss_nss_idmaphuawei-euleros-2_0_sp8-upgrade-libsss_simpleifphuawei-euleros-2_0_sp8-upgrade-libsss_sudohuawei-euleros-2_0_sp8-upgrade-python2-libipa_hbachuawei-euleros-2_0_sp8-upgrade-python2-libsss_nss_idmaphuawei-euleros-2_0_sp8-upgrade-python2-ssshuawei-euleros-2_0_sp8-upgrade-python2-sss-murmurhuawei-euleros-2_0_sp8-upgrade-python2-sssdconfighuawei-euleros-2_0_sp8-upgrade-python3-libipa_hbachuawei-euleros-2_0_sp8-upgrade-python3-libsss_nss_idmaphuawei-euleros-2_0_sp8-upgrade-python3-ssshuawei-euleros-2_0_sp8-upgrade-python3-sss-murmurhuawei-euleros-2_0_sp8-upgrade-python3-sssdconfighuawei-euleros-2_0_sp8-upgrade-sssdhuawei-euleros-2_0_sp8-upgrade-sssd-adhuawei-euleros-2_0_sp8-upgrade-sssd-clienthuawei-euleros-2_0_sp8-upgrade-sssd-commonhuawei-euleros-2_0_sp8-upgrade-sssd-common-pachuawei-euleros-2_0_sp8-upgrade-sssd-dbushuawei-euleros-2_0_sp8-upgrade-sssd-ipahuawei-euleros-2_0_sp8-upgrade-sssd-kcmhuawei-euleros-2_0_sp8-upgrade-sssd-krb5huawei-euleros-2_0_sp8-upgrade-sssd-krb5-commonhuawei-euleros-2_0_sp8-upgrade-sssd-ldaphuawei-euleros-2_0_sp8-upgrade-sssd-libwbclienthuawei-euleros-2_0_sp8-upgrade-sssd-nfs-idmaphuawei-euleros-2_0_sp8-upgrade-sssd-proxyhuawei-euleros-2_0_sp8-upgrade-sssd-toolshuawei-euleros-2_0_sp8-upgrade-sssd-winbind-idmap
Referenceshttps://attackerkb.com/topics/cve-2021-3621CVE - 2021-3621EulerOS-SA-2021-2646
