Vulnerability Description
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Sssd | 2.6.0 |
| Redhat | Virtualization | 4.0 |
| Redhat | Virtualization Host | 4.0 |
| Redhat | Enterprise Linux | 6.0 |
| Redhat | Enterprise Linux Eus | 8.1 |
| Redhat | Enterprise Linux Server Aus | 8.2 |
| Redhat | Enterprise Linux Server Tus | 8.2 |
| Fedoraproject | Fedora | 34 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1975142Issue TrackingPatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/05/msg00028.htmlThird Party Advisory
- https://sssd.io/release-notes/sssd-2.6.0.htmlRelease NotesThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1975142Issue TrackingPatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/05/msg00028.htmlThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2025/02/msg00008.html
- https://sssd.io/release-notes/sssd-2.6.0.htmlRelease NotesThird Party Advisory
FAQ
What is CVE-2021-3621?
CVE-2021-3621 is a vulnerability with a CVSS score of 8.8 (HIGH). A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into r...
How severe is CVE-2021-3621?
CVE-2021-3621 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3621?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Sssd, Redhat Virtualization, Redhat Virtualization Host, Redhat Enterprise Linux, Redhat Enterprise Linux Eus.