DEBIAN-CVE-2018-10852

DEBIAN-CVE-2018-10852 PUBLISHED CVSS 7.5 HIGH

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:12	sssd	0, 0, 0
Debian:13	sssd	0, 0, 0
Debian:11	sssd	0, 0, 0
Debian:14	sssd	0

Timeline

Jun 26, 2018 CVE Published
May 10, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-10852 advisory

Open in Interactive Console →