Unsanitized input when searching in local cache database
It was found that sssd’s sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. (CVE-2017-12173 )
QID Detection Logic:
This authenticated QID verifies if the version of the following files is lesser than 1.15.2-50.34.amzn1: sssd-krb5,sssd-proxy,libsss_simpleifp-devel,sssd-krb5-common,libsss_idmap-devel,libsss_autofs,sssd-common-pac,libsss_nss_idmap-devel,sssd-debuginfo,python27-libipa_hbac,sssd-ad,sssd-common,python27-sss-murmur,sssd-winbind-idmap,sssd,python27-sss,sssd-libwbclient,sssd-dbus,libsss_certmap,libsss_nss_idmap,libipa_hbac-devel,libsss_certmap-devel,libsss_sudo,sssd-libwbclient-devel,python27-libsss_nss_idmap,libipa_hbac,libsss_simpleifp,sssd-ipa,sssd-client,sssd-ldap,libsss_idmap,sssd-tools,python27-sssdconfig
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Please refer to Amazon advisory ALAS-2017-935 for affected packages and patching details, or update with your package manager.
Following are links for downloading patches to fix the vulnerabilities: