A flaw was found in the SSSD Group Policy Objects (GPO) implementation. When the GPO is not readable by SSSD because of overly strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access.
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00051.html
https://access.redhat.com/errata/RHSA-2019:2177
https://access.redhat.com/errata/RHSA-2019:2437
Source: MITRE
Published: 2019-03-25
Updated: 2020-10-15
Type: CWE-269
CVSS v2
Base Score: 5.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Impact Score: 4.9
Exploitability Score: 8
Severity: MEDIUM
CVSS v3
Base Score: 5.4
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Impact Score: 2.5
Exploitability Score: 2.8
Severity: MEDIUM
ID | Name | Product | Family | Severity |
---|---|---|---|---|
145606 | CentOS 8 : sssd (CESA-2019:3651) | Nessus | CentOS Local Security Checks | medium |
135615 | EulerOS Virtualization 3.0.2.2 : sssd (EulerOS-SA-2020-1453) | Nessus | Huawei Local Security Checks | medium |
134498 | EulerOS Virtualization for ARM 64 3.0.2.0 : sssd (EulerOS-SA-2020-1209) | Nessus | Huawei Local Security Checks | medium |
132447 | NewStart CGSL CORE 5.05 / MAIN 5.05 : sssd Multiple Vulnerabilities (NS-SA-2019-0241) | Nessus | NewStart CGSL Local Security Checks | medium |
132202 | EulerOS 2.0 SP3 : sssd (EulerOS-SA-2019-2667) | Nessus | Huawei Local Security Checks | medium |
131670 | EulerOS 2.0 SP2 : sssd (EulerOS-SA-2019-2517) | Nessus | Huawei Local Security Checks | medium |
130652 | EulerOS 2.0 SP5 : sssd (EulerOS-SA-2019-2190) | Nessus | Huawei Local Security Checks | medium |
130562 | RHEL 8 : sssd (RHSA-2019:3651) | Nessus | Red Hat Local Security Checks | medium |
130402 | Amazon Linux 2 : sssd (ALAS-2019-1343) | Nessus | Amazon Linux Local Security Checks | medium |
129890 | NewStart CGSL CORE 5.04 / MAIN 5.04 : sssd Multiple Vulnerabilities (NS-SA-2019-0195) | Nessus | NewStart CGSL Local Security Checks | medium |
129797 | Amazon Linux AMI : sssd (ALAS-2019-1307) | Nessus | Amazon Linux Local Security Checks | medium |
128370 | CentOS 7 : sssd (CESA-2019:2177) | Nessus | CentOS Local Security Checks | medium |
128264 | Scientific Linux Security Update : sssd on SL7.x x86_64 (20190806) | Nessus | Scientific Linux Local Security Checks | medium |
127986 | RHEL 7 : Virtualization Manager (RHSA-2019:2437) | Nessus | Red Hat Local Security Checks | medium |
127691 | RHEL 7 : sssd (RHSA-2019:2177) | Nessus | Red Hat Local Security Checks | medium |
126060 | openSUSE Security Update : sssd (openSUSE-2019-1589) | Nessus | SuSE Local Security Checks | medium |
126037 | openSUSE Security Update : sssd (openSUSE-2019-1576) | Nessus | SuSE Local Security Checks | medium |
125876 | SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2019:1480-1) | Nessus | SuSE Local Security Checks | medium |
125875 | SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2019:1477-1) | Nessus | SuSE Local Security Checks | medium |
125874 | SUSE SLED15 / SLES15 Security Update : sssd (SUSE-SU-2019:1476-1) | Nessus | SuSE Local Security Checks | medium |