Oval Definition:oval:org.opensuse.security:def:201816883
Revision Date:2022-09-02Version:1
Title:CVE-2018-16883
Description:

sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2018-16883
SUSE CVE-2018-16883
Platform(s):SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • AND sssd is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • OR SUSE Linux Enterprise Desktop 12 SP4 is installed
  • OR SUSE Linux Enterprise Server 12 SP3 is installed
  • OR SUSE Linux Enterprise Server 12 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 is installed
  • AND sssd is not affected
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
  • AND
  • libipa_hbac0 is not affected
  • OR libsss_idmap0 is not affected
  • OR libsss_nss_idmap0 is not affected
  • OR libsss_sudo is not affected
  • OR python-sssd-config is not affected
  • OR sssd is not affected
  • OR sssd-32bit is not affected
  • OR sssd-ad is not affected
  • OR sssd-ipa is not affected
  • OR sssd-krb5 is not affected
  • OR sssd-krb5-common is not affected
  • OR sssd-ldap is not affected
  • OR sssd-proxy is not affected
  • OR sssd-tools is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • OR SUSE Linux Enterprise Server 12 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 is installed
  • AND sssd is not affected
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
  • AND
  • libipa_hbac0 is not affected
  • OR libsss_idmap0 is not affected
  • OR libsss_nss_idmap0 is not affected
  • OR libsss_sudo is not affected
  • OR python-sssd-config is not affected
  • OR sssd is not affected
  • OR sssd-32bit is not affected
  • OR sssd-ad is not affected
  • OR sssd-ipa is not affected
  • OR sssd-krb5 is not affected
  • OR sssd-krb5-common is not affected
  • OR sssd-ldap is not affected
  • OR sssd-proxy is not affected
  • OR sssd-tools is not affected
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND sssd is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • OR SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND sssd is not affected
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND sssd is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • OR SUSE Linux Enterprise Server 12 SP4 is installed
  • AND sssd is not affected
    • BACK