{"id":"MGASA-2017-0421","summary":"Updated sssd packages fix security vulnerability","details":"SSSD stores its cached data in an LDAP like local database file using\nlibldb. To lookup cached data LDAP search filters like\n'(objectClass=user) (name=user_name)' are used. However, in\nsysdb_search_user_by_upn_res(), the input is not sanitized and allows to\nmanipulate the search filter for cache lookups. This would allow a\nlogged in user to discover the password hash of a different user\n(CVE-2017-12173).\n","modified":"2026-04-16T01:47:56.114263583Z","published":"2017-11-20T21:18:02Z","upstream":["CVE-2017-12173"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0421.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21917"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2017-11/msg00016.html"}],"affected":[{"package":{"name":"sssd","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/sssd?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.13.4-9.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0421.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}