CVE-2021-3621
published 2021-12-23CVE-2021-3621: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sssd | < sssd 2.5.2-1 (bookworm) | sssd 2.5.2-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | sssd | — | — |
| fedoraproject | sssd | — | — |
| fedoraproject | sssd | >= 0 < 2.4.1-2+deb11u1 | 2.4.1-2+deb11u1 |
| fedoraproject | sssd | >= 0 < 2.5.2-1 | 2.5.2-1 |
| fedoraproject | sssd | >= 0 < 2.5.2-1 | 2.5.2-1 |
| fedoraproject | sssd | >= 0 < 2.5.2-1 | 2.5.2-1 |
| fedoraproject | sssd | >= 0 < 1.16.1-1ubuntu1.8 | 1.16.1-1ubuntu1.8 |
| fedoraproject | sssd | >= 0 < 2.2.3-3ubuntu0.7 | 2.2.3-3ubuntu0.7 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | virtualization | — | — |
| redhat | virtualization_host | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH