A security issue has been reported in SSSD, which can be exploited by malicious people to hijack another user's account.
The security issue is caused by the automatic ticket renewal service setting the credential cache path as the user's cached credentials. This can be exploited to log in as another user by determining or predicting the name of that user's cache file.
Successful exploitation requires that the automatic ticket renewal option and offline authentication are enabled, the SSSD daemon is authenticating in offline mode, and a renewal operation for the victim user has been performed without any further authentication from the victim user taking place.
Note: Remote attackers may only be able to predict the filename if the "mkstemp()" suffix has been removed from the "krb5_ccache_template" SSSD configuration option.
The vulnerability is reported in versions 1.5.x prior to 1.5.7.
Solution: Update to version 1.5.7.
Provided and/or discovered by: The vendor credits Marko Myllynen, Red Hat.
Original Advisory: https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7
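The configuration preconditions described above can be checked per domain in sssd.conf. The following audit script is an added example, not part of the original advisory or of SSSD's code. It assumes the option names "krb5_renew_interval", "cache_credentials" and "krb5_ccname_template" from the sssd.conf(5) and sssd-krb5(5) man pages (the "krb5_ccache_template" spelling used above is accepted as well), and its sample configuration is constructed.

```python
import configparser

# Constructed sample sssd.conf for illustration, not taken from a real host.
SAMPLE_CONF = """
[sssd]
domains = CORP, LAB

[domain/CORP]
auth_provider = krb5
cache_credentials = true
krb5_renew_interval = 60
krb5_ccname_template = FILE:/tmp/krb5cc_%U

[domain/LAB]
auth_provider = krb5
cache_credentials = true
krb5_renew_interval = 0
krb5_ccname_template = FILE:/tmp/krb5cc_%U_XXXXXX
"""

# Assumption: man-page option name first, then the spelling used in the advisory.
TEMPLATE_KEYS = ("krb5_ccname_template", "krb5_ccache_template")

def audit(conf_text):
    """Return {domain: findings} for domains meeting the advisory's preconditions."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    results = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        opts = cp[section]
        # Automatic renewal is active only with a positive interval (seconds).
        renew = opts.get("krb5_renew_interval", "0").strip()
        renewal_on = renew.isdigit() and int(renew) > 0
        offline_on = opts.getboolean("cache_credentials", fallback=False)
        if not (renewal_on and offline_on):
            continue
        findings = ["renewal+offline-auth"]
        # A template without the trailing XXXXXX loses the mkstemp() suffix.
        template = next((opts[k] for k in TEMPLATE_KEYS if k in opts), None)
        if template is not None and not template.strip().endswith("XXXXXX"):
            findings.append("predictable-ccache-name")
        results[section.split("/", 1)[1]] = findings
    return results

if __name__ == "__main__":
    for domain, findings in audit(SAMPLE_CONF).items():
        print(domain, findings)
```

A flagged domain is only a configuration match; whether the host is affected still depends on the installed SSSD version being 1.5.x prior to 1.5.7.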