Source: sssd
Version: 2.12.0-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for sssd.

CVE-2026-14474[0]:
| A flaw was found in SSSD's LDAP sudo provider. When the
| ldap_sudo_search_base option is not explicitly configured, SSSD
| searches the entire LDAP directory tree for sudoRole objects. An
| authenticated attacker with write access to any subtree can inject a
| sudoRole object granting root-level sudo privileges on all SSSD-
| enrolled hosts.


CVE-2026-14476[1]:
| A path traversal flaw was found in SSSD's AD GPO provider. The
| ad_gpo_extract_smb_components() function does not sanitize ..
| sequences in the gPCFileSysPath LDAP attribute, allowing an attacker
| with AD GPO management access to write files outside the GPO cache
| directory as root. On default RHEL configurations with SELinux
| enforcing, this can be used to inject Kerberos configuration leading
| to authentication bypass.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-14474
    https://www.cve.org/CVERecord?id=CVE-2026-14474
[1] https://security-tracker.debian.org/tracker/CVE-2026-14476
    https://www.cve.org/CVERecord?id=CVE-2026-14476

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply via email to