PublicDateAtUSN: 2018-06-26 14:29:00 UTC
Candidate: CVE-2018-10852
PublicDate: 2018-06-26 14:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10852
 https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/XUCDLKDVH7HZKPSJ7GEJAVNZS5CW35EK/
 https://ubuntu.com/security/notices/USN-5067-1
Description:
 The UNIX pipe which sudo uses to contact SSSD and read the available sudo
 rules from SSSD has too wide permissions, which means that anyone who can
 send a message using the same raw protocol that sudo and SSSD use can read
 the sudo rules available for any user. This affects versions of SSSD before
 1.16.3.
Ubuntu-Description: 
Notes: 
Bugs: 
 https://pagure.io/SSSD/sssd/issue/3766
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902860
Priority: low
Discovered-by: Jakub Hrozek
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_sssd:
 upstream: https://pagure.io/SSSD/sssd/c/ed90a20a0f0e936eb00d268080716c0384ffb01d
upstream_sssd: released (1.16.3-1)
precise/esm_sssd: DNE
trusty_sssd: ignored (reached end-of-life)
trusty/esm_sssd: DNE (trusty was needed)
xenial_sssd: ignored (end of standard support, was needed)
esm-infra/xenial_sssd: needed
artful_sssd: ignored (reached end-of-life)
bionic_sssd: released (1.16.1-1ubuntu1.8)
cosmic_sssd: ignored (reached end-of-life)
disco_sssd: ignored (reached end-of-life)
eoan_sssd: not-affected (2.2.0-4ubuntu1)
focal_sssd: not-affected (2.2.2-1)
groovy_sssd: not-affected (2.2.2-1)
hirsute_sssd: not-affected (2.2.2-1)
impish_sssd: not-affected (2.2.2-1)
jammy_sssd: not-affected (2.2.2-1)
devel_sssd: not-affected (2.2.2-1)