CVE-2018-10852

Severity: 7.5 HIGH
EPSS: 0.3% (top 49.25%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 26, latest update May 13

Description

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Exploitability: 2.0 | Impact: 1.4

Affected Packages (7 packages)

NVD: fedoraproject/sssd < 1.16.3
Debian: sssd < 1.16.3-1+3
Ubuntu: sssd < 1.16.1-1ubuntu1.8+1
CVEListV5: [unknown]/sssd SSSD 1.16.3

Also affects: Debian Linux 8.0

🔴 Vulnerability Details (4)

GHSA: GHSA-fw39-25vp-7459: The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can se (2022-05-13)
OSV: sssd vulnerabilities (2021-09-08)
CVEList: CVE-2018-10852: The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can se (2018-06-26)
OSV: CVE-2018-10852: The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can se (2018-06-26)

📋 Vendor Advisories (3)

Ubuntu: SSSD vulnerabilities (2021-09-08)
Red Hat: sssd: information leak from the sssd-sudo responder (2018-06-26)
Debian: CVE-2018-10852: sssd - The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules ... (2018)

💬 Community (2)

Bugzilla: CVE-2018-10852 sssd: information leak from the sssd-sudo responder [fedora-all] (2018-06-26)
Bugzilla: CVE-2018-10852 sssd: information leak from the sssd-sudo responder (2018-06-07)