Description
A flaw was found in sudo in the handling of ipa_hostname, where the ipa_hostname value from /etc/sssd/sssd.conf was not propagated to sudo. This leads to a privilege mismanagement vulnerability in applications, where client hosts retain privileges even after those privileges have been retracted.
Report
This vulnerability was introduced in sudo 1.8.24, where sudoers parsing was unified, and affects the IPA-sudo integration as used in FreeIPA. This issue was fixed in sudo-1.8.25p1-7.el8.x86_64 by RHBA-2019:3598. Red Hat ships fixed versions of sudo. Hence, Red Hat Enterprise Linux is not affected by this CVE. See https://access.redhat.com/errata/RHBA-2019:3598
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | sudo | Not affected | | |
Red Hat Enterprise Linux 7 | sudo | Not affected | | |
Red Hat Enterprise Linux 8 | sudo | Not affected | | |
Red Hat Enterprise Linux 9 | sudo | Not affected | | |
Additional information
Status:
EPSS
6.6 Medium
CVSS3