Advisories ยป MGASA-2018-0350

Updated sssd packages fix security vulnerability

Publication date: 23 Aug 2018
Modification date: 23 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-10852

Description

Updated sssd packages fix security vulnerability:

The UNIX socket that is used for communication between the sudo utility
and the sssd-sudo responder had its permissions set to world-readable and
writable, which means that anyone who can send a message using the same
raw protocol that sudo and SSSD use can read the sudo rules available for
any user (CVE-2018-10852).
                

References

SRPMS

6/core