Bugzilla – Bug 1189492
VUL-0: CVE-2021-3621: sssd: shell command injection in sssctl
Last modified: 2024-07-16 15:40:55 UTC
rh#1975142

`sssctl_run_command()` is a wrapper for running commands via a shell, using glibc's `system()` function call. `sssctl_cache_expire()` and `sssctl_logs_fetch()` allow user-provided arguments and pass them to `sssctl_run_command()`. sssctl is limited to the root user; however, if an administrator allows unprivileged users to provide arguments to the command (e.g. via sudo), this could be used to elevate privileges via a shell injection. Although there are no known default configurations where this flaw could be exploited, the admin could have manually created sudo rules to let regular users use sssctl commands, or could be tricked into running a specially crafted sssctl command.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1975142
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3621
https://access.redhat.com/errata/RHSA-2021:3151.html
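The root cause above is a wrapper that hands a concatenated string to `system()`. The following is an added example (not sssd's code, and not the upstream fix) showing the hardened shape: a `run_command_argv()` helper that uses `fork()` plus `execvp()` with an argv array, so shell metacharacters in a user-supplied argument are never interpreted; `demo_metachars()` and its sample argument are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Vulnerable shape (reconstructed for illustration, not sssd's own code):
 *   snprintf(cmd, sizeof(cmd), "some-tool %s", user_arg); system(cmd);
 * /bin/sh parses user_arg, so ';', '|' or '$(...)' in it become commands.
 * Hardened form below: no shell; each argument is one argv entry for execvp(). */
int run_command_argv(char *const argv[], char *out, size_t outlen)
{
    int pipefd[2], status;
    if (pipe(pipefd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* child: send stdout into the pipe, then replace the process image */
        dup2(pipefd[1], STDOUT_FILENO);
        close(pipefd[0]);
        close(pipefd[1]);
        execvp(argv[0], argv);
        _exit(127);                     /* exec failed */
    }
    close(pipefd[1]);
    size_t used = 0; ssize_t n;
    while (used < outlen - 1 &&
           (n = read(pipefd[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(pipefd[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Demo: an argument full of shell metacharacters (constructed sample) goes to
 * echo via argv and comes back byte for byte, so no shell interpreted it. */
int demo_metachars(char *out, size_t outlen)
{
    char arg[] = "name; with $(meta) chars";
    char *argv[] = { "echo", arg, NULL };
    return run_command_argv(argv, out, outlen);
}

int main(void)
{
    char buf[128];
    int rc = demo_metachars(buf, sizeof(buf));
    printf("exit=%d output=%s", rc, buf);
    return rc == 0 ? 0 : 1;
}
```

The same argv-based call is what a sudo rule restricted to fixed sssctl arguments should sit in front of; with `system()` no sudo rule can make the argument safe.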
fix: https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe
tracking as affected:
- SUSE:SLE-12-SP4:Update/sssd
- SUSE:SLE-12-SP5:Update/sssd
- SUSE:SLE-15:Update/sssd
- SUSE:SLE-15-SP2:Update/sssd
- SUSE:SLE-15-SP3:Update/sssd
# maintenance_jira_update_notice
SUSE-SU-2021:2873-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1189492
CVE References: CVE-2021-3621
JIRA References:
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): sssd-1.16.1-7.22.4
SUSE Linux Enterprise Server 12-SP5 (src): sssd-1.16.1-7.22.4
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
# maintenance_jira_update_notice
SUSE-SU-2021:2941-1: An update that solves one vulnerability and has two fixes is now available.
Category: security (important)
Bug References: 1183735,1187120,1189492
CVE References: CVE-2021-3621
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): sssd-1.16.1-23.11.1
# maintenance_jira_update_notice
openSUSE-SU-2021:2941-1: An update that solves one vulnerability and has two fixes is now available.
Category: security (important)
Bug References: 1183735,1187120,1189492
CVE References: CVE-2021-3621
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): sssd-1.16.1-23.11.1
SUSE-RU-2021:3185-1: An update that solves one vulnerability, contains one feature and has 5 fixes is now available.
Category: recommended (moderate)
Bug References: 1182058,1182637,1184289,1187120,1189492,1190021
CVE References: CVE-2021-3621
JIRA References: ECO-3493
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): sssd-1.16.1-17.14.1
openSUSE-RU-2021:1315-1: An update that solves one vulnerability, contains one feature and has 5 fixes is now available.
Category: recommended (moderate)
Bug References: 1182058,1182637,1184289,1187120,1189492,1190021
CVE References: CVE-2021-3621
JIRA References: ECO-3493
Sources used:
openSUSE Leap 15.2 (src): sssd-1.16.1-lp152.16.3.1
Reassign to security team to close it.
SUSE-SU-2022:0826-1: An update that solves one vulnerability and has two fixes is now available.
Category: security (important)
Bug References: 1182637,1189492,1190775
CVE References: CVE-2021-3621
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src): sssd-1.16.1-8.64.1
SUSE Linux Enterprise Server for SAP 15 (src): sssd-1.16.1-8.64.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src): sssd-1.16.1-8.64.1
SUSE Linux Enterprise Server 15-SP1-BCL (src): sssd-1.16.1-8.64.1
SUSE Linux Enterprise Server 15-LTSS (src): sssd-1.16.1-8.64.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): sssd-1.16.1-8.64.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): sssd-1.16.1-8.64.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): sssd-1.16.1-8.64.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): sssd-1.16.1-8.64.1
SUSE Enterprise Storage 6 (src): sssd-1.16.1-8.64.1
SUSE CaaS Platform 4.0 (src): sssd-1.16.1-8.64.1
SUSE-SU-2022:1258-1: An update that solves one vulnerability, contains one feature and has two fixes is now available.
Category: security (important)
Bug References: 1183735,1189492,1196564
CVE References: CVE-2021-3621
JIRA References: SLE-17773
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): sssd-1.16.1-4.40.1
SUSE OpenStack Cloud 9 (src): sssd-1.16.1-4.40.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src): sssd-1.16.1-4.40.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src): sssd-1.16.1-4.40.1
done
SUSE-SU-2022:2763-1: An update that solves one vulnerability and has four fixes is now available.
Category: security (moderate)
Bug References: 1182058,1189492,1190775,1195552,1196166
CVE References: CVE-2021-3621
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): sssd-2.5.2-150400.4.5.14
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): sssd-2.5.2-150400.4.5.14