Amazon Linux AMI : sssd (ALAS-2017-935)
High Nessus Plugin ID 105420
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionUnsanitized input when searching in local cache database
It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. (CVE-2017-12173)
SolutionRun 'yum update sssd' to update your system.