Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/sssd@2.4.1-2?distro=trixie
purl pkg:deb/debian/sssd@2.4.1-2?distro=trixie
Next non-vulnerable version 2.4.1-2+deb11u1
Latest non-vulnerable version 2.12.0-4
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-ztj4-pvvh-wuay
Aliases:
CVE-2025-11561
sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems
2.12.0-1
Affected by 0 other vulnerabilities.
2.12.0-4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (19)
Vulnerability Summary Aliases
VCID-3sh2-437b-ayfj sssd: Out-of-bounds read flaws in autofs and ssh services responders CVE-2013-0220
VCID-5hxw-dnz2-v7by sssd: fallback_homedir returns '/' for empty home directories in passwd file CVE-2019-3811
VCID-68qt-2ghp-dba7 sssd: allows null password entry to authenticate against LDAP CVE-2010-2940
VCID-9vna-wqey-kkdm SSSD accepts any password when offline with a valid TGT available CVE-2010-0014
VCID-bveu-ff3p-gfh7 sssd: information leak from the sssd-sudo responder CVE-2018-10852
VCID-d4ke-65rx-13ac sssd: incorrect expansion of group membership when encountering a non-POSIX group CVE-2014-0249
VCID-f5pv-qsd2-gkda sssd: DoS in sssd PAM responder can prevent logins CVE-2010-4341
VCID-gn4q-ub2s-hbcz The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname. CVE-2011-1758
VCID-jhrd-1f8g-6ueh sssd: unsanitized input when searching in local cache database CVE-2017-12173
VCID-kb5t-88br-5yh8 sssd: TOCTOU race conditions by copying and removing directory trees CVE-2013-0219
VCID-r1m1-kp4g-pbc7 A vulnerability has been discovered in SSSD, which can lead to arbitrary code execution. CVE-2021-3621
VCID-t4w3-vj56-4fcq sssd: Race condition during authorization leads to GPO policies functioning inconsistently CVE-2023-3758
VCID-t5gr-yesx-hqah sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters CVE-2022-4254
VCID-w78p-q142-juh7 The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the account's username, in conjunction with an arbitrary password, over an ssh connection. CVE-2009-2410
VCID-wz3w-7eag-83ft sssd: simple access provider flaw prevents intended ACL use when client to an AD provider CVE-2013-0287
VCID-xpwr-fzex-m7fa A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context. CVE-2012-3462
VCID-yn22-35eg-1khb sssd: improper implementation of GPOs due to too restrictive permissions CVE-2018-16838
VCID-zee4-1xpd-27bc sssd: Information leak in infopipe due to an improper uid restriction CVE-2018-16883
VCID-zz4w-9935-q3gc sssd: memory leak in the sssd_pac_plugin CVE-2015-5292

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-02T06:44:58.106031+00:00 Debian Importer Fixing VCID-r1m1-kp4g-pbc7 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T06:34:02.881166+00:00 Debian Importer Fixing VCID-zee4-1xpd-27bc https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T06:15:23.690614+00:00 Debian Importer Fixing VCID-3sh2-437b-ayfj https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T04:45:55.227848+00:00 Debian Importer Fixing VCID-xpwr-fzex-m7fa https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T04:44:10.613840+00:00 Debian Importer Fixing VCID-jhrd-1f8g-6ueh https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T04:26:33.083792+00:00 Debian Importer Fixing VCID-w78p-q142-juh7 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T04:23:44.634223+00:00 Debian Importer Fixing VCID-gn4q-ub2s-hbcz https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T02:59:54.629434+00:00 Debian Importer Fixing VCID-d4ke-65rx-13ac https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T02:44:22.424864+00:00 Debian Importer Fixing VCID-bveu-ff3p-gfh7 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T02:39:28.143154+00:00 Debian Importer Fixing VCID-5hxw-dnz2-v7by https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T01:51:36.925758+00:00 Debian Importer Fixing VCID-9vna-wqey-kkdm https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T00:58:46.923725+00:00 Debian Importer Fixing VCID-yn22-35eg-1khb https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T00:35:49.971076+00:00 Debian Importer Fixing VCID-kb5t-88br-5yh8 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T00:04:21.719036+00:00 Debian Importer Fixing VCID-t5gr-yesx-hqah https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T00:02:28.726941+00:00 Debian Importer Fixing VCID-68qt-2ghp-dba7 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T23:57:12.143449+00:00 Debian Importer Fixing VCID-f5pv-qsd2-gkda https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T22:52:24.676584+00:00 Debian Importer Fixing VCID-zz4w-9935-q3gc https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T22:22:47.173921+00:00 Debian Importer Fixing VCID-wz3w-7eag-83ft https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T22:20:48.736394+00:00 Debian Importer Fixing VCID-t4w3-vj56-4fcq https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-04-28T13:54:41.413295+00:00 Debian Importer Affected by VCID-ztj4-pvvh-wuay https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T13:29:44.007948+00:00 Debian Importer Fixing VCID-jhrd-1f8g-6ueh https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T13:02:05.623690+00:00 Debian Importer Fixing VCID-zee4-1xpd-27bc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:59:37.783290+00:00 Debian Importer Fixing VCID-t5gr-yesx-hqah https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:51:42.123759+00:00 Debian Importer Fixing VCID-d4ke-65rx-13ac https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:47:36.029241+00:00 Debian Importer Fixing VCID-5hxw-dnz2-v7by https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:44:27.178320+00:00 Debian Importer Fixing VCID-r1m1-kp4g-pbc7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:23:20.321888+00:00 Debian Importer Fixing VCID-3sh2-437b-ayfj https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:43:11.290254+00:00 Debian Importer Fixing VCID-xpwr-fzex-m7fa https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:36:44.121831+00:00 Debian Importer Fixing VCID-kb5t-88br-5yh8 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:34:27.782458+00:00 Debian Importer Fixing VCID-w78p-q142-juh7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:33:19.459743+00:00 Debian Importer Fixing VCID-gn4q-ub2s-hbcz https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:20:43.328622+00:00 Debian Importer Fixing VCID-zz4w-9935-q3gc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:01:59.704081+00:00 Debian Importer Fixing VCID-9vna-wqey-kkdm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:50:31.132652+00:00 Debian Importer Fixing VCID-bveu-ff3p-gfh7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:43:37.491287+00:00 Debian Importer Fixing VCID-t4w3-vj56-4fcq https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:02:32.141792+00:00 Debian Importer Fixing VCID-yn22-35eg-1khb https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:38:10.564726+00:00 Debian Importer Fixing VCID-68qt-2ghp-dba7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:35:45.200164+00:00 Debian Importer Fixing VCID-f5pv-qsd2-gkda https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:54:34.556860+00:00 Debian Importer Fixing VCID-wz3w-7eag-83ft https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:18:47.663799+00:00 Debian Importer Fixing VCID-jhrd-1f8g-6ueh https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:57:33.558590+00:00 Debian Importer Fixing VCID-zee4-1xpd-27bc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:55:41.173443+00:00 Debian Importer Fixing VCID-t5gr-yesx-hqah https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:49:39.896705+00:00 Debian Importer Fixing VCID-d4ke-65rx-13ac https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:46:32.020540+00:00 Debian Importer Fixing VCID-5hxw-dnz2-v7by https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:44:11.573040+00:00 Debian Importer Fixing VCID-r1m1-kp4g-pbc7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:28:37.169464+00:00 Debian Importer Fixing VCID-3sh2-437b-ayfj https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:59:17.974234+00:00 Debian Importer Fixing VCID-xpwr-fzex-m7fa https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:54:53.427757+00:00 Debian Importer Fixing VCID-kb5t-88br-5yh8 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:53:26.450677+00:00 Debian Importer Fixing VCID-w78p-q142-juh7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:52:39.159592+00:00 Debian Importer Fixing VCID-gn4q-ub2s-hbcz https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:43:22.398931+00:00 Debian Importer Fixing VCID-zz4w-9935-q3gc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:29:25.617364+00:00 Debian Importer Fixing VCID-9vna-wqey-kkdm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:20:25.030157+00:00 Debian Importer Fixing VCID-bveu-ff3p-gfh7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:15:14.107125+00:00 Debian Importer Fixing VCID-t4w3-vj56-4fcq https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:44:10.175276+00:00 Debian Importer Fixing VCID-yn22-35eg-1khb https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:24:47.488976+00:00 Debian Importer Fixing VCID-68qt-2ghp-dba7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:23:25.177536+00:00 Debian Importer Fixing VCID-f5pv-qsd2-gkda https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:58:45.588184+00:00 Debian Importer Fixing VCID-wz3w-7eag-83ft https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:53:27.023985+00:00 Debian Importer Affected by VCID-ztj4-pvvh-wuay https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.973084+00:00 Debian Importer Fixing VCID-t4w3-vj56-4fcq https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.934500+00:00 Debian Importer Fixing VCID-t5gr-yesx-hqah https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.879786+00:00 Debian Importer Fixing VCID-r1m1-kp4g-pbc7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.829472+00:00 Debian Importer Fixing VCID-5hxw-dnz2-v7by https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.780238+00:00 Debian Importer Fixing VCID-zee4-1xpd-27bc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.727172+00:00 Debian Importer Fixing VCID-yn22-35eg-1khb https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.677057+00:00 Debian Importer Fixing VCID-bveu-ff3p-gfh7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.627340+00:00 Debian Importer Fixing VCID-jhrd-1f8g-6ueh https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.580168+00:00 Debian Importer Fixing VCID-zz4w-9935-q3gc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.534492+00:00 Debian Importer Fixing VCID-d4ke-65rx-13ac https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.483998+00:00 Debian Importer Fixing VCID-wz3w-7eag-83ft https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.440175+00:00 Debian Importer Fixing VCID-3sh2-437b-ayfj https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.391413+00:00 Debian Importer Fixing VCID-kb5t-88br-5yh8 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.343848+00:00 Debian Importer Fixing VCID-xpwr-fzex-m7fa https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.301812+00:00 Debian Importer Fixing VCID-gn4q-ub2s-hbcz https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.253392+00:00 Debian Importer Fixing VCID-f5pv-qsd2-gkda https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.190774+00:00 Debian Importer Fixing VCID-68qt-2ghp-dba7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.143380+00:00 Debian Importer Fixing VCID-9vna-wqey-kkdm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:53:26.099435+00:00 Debian Importer Fixing VCID-w78p-q142-juh7 https://security-tracker.debian.org/tracker/data/json 38.1.0