CVE-2021-3621

Summary

CVE: CVE-2021-3621
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2021-12-23 21:15:00 UTC
Updated: 2023-05-29 17:15:00 UTC
Description: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Risk And Classification

Problem Types: CWE-78 (Improper Neutralization of Special Elements used in an OS Command, "OS Command Injection")

NVD Known Affected Configurations (CPE 2.3)

Type             | Vendor        | Product                        | Version | Update | Edition | Language
Operating System | Fedoraproject | Fedora                         | 34      | All    | All     | All
Operating System | Redhat        | Enterprise Linux               | 6.0     | All    | All     | All
Operating System | Redhat        | Enterprise Linux               | 7.0     | All    | All     | All
Operating System | Redhat        | Enterprise Linux               | 8.0     | All    | All     | All
Operating System | Redhat        | Enterprise Linux Eus           | 8.1     | All    | All     | All
Operating System | Redhat        | Enterprise Linux Eus           | 8.2     | All    | All     | All
Operating System | Redhat        | Enterprise Linux Server Aus    | 8.2     | All    | All     | All
Operating System | Redhat        | Enterprise Linux Server Aus    | 8.4     | All    | All     | All
Operating System | Redhat        | Enterprise Linux Server Tus    | 8.2     | All    | All     | All
Operating System | Redhat        | Enterprise Linux Server Tus    | 8.4     | All    | All     | All
Application      | Redhat        | Virtualization                 | 4.0     | All    | All     | All
Application      | Redhat        | Virtualization Host            | 4.0     | All    | All     | All
Application      | Sssd          | Sssd                           | 2.6.0   | All    | All     | All

References

Reference                                                                        | Source  | Link                | Tags
[SECURITY] [DLA 3436-1] sssd security update                                     | MLIST   | lists.debian.org    |
1975142 – (CVE-2021-3621) CVE-2021-3621 sssd: shell command injection in sssctl  | MISC    | bugzilla.redhat.com |
SSSD 2.6.0 Release Notes - sssd.io                                               | MISC    | sssd.io             |
CVE Program record                                                               | CVE.ORG | www.cve.org         | canonical
NVD vulnerability detail                                                         | NVD     | nvd.nist.gov        | canonical, analysis

Legacy QID Mappings

  • 159353 Oracle Enterprise Linux Security Update for sssd (ELSA-2021-3151)
  • 159376 Oracle Enterprise Linux Security Update for sssd (ELSA-2021-3336)
  • 178796 Debian Security Update for sssd (DLA 2758-1)
  • 181811 Debian Security Update for sssd (DLA 3436-1)
  • 184041 Debian Security Update for sssd (CVE-2021-3621)
  • 198490 Ubuntu Security Notification for SSSD Vulnerabilities (USN-5067-1)
  • 239565 Red Hat Update for sssd (RHSA-2021:3151)
  • 239567 Red Hat Update for sssd (RHSA-2021:3178)
  • 239597 Red Hat Update for sssd (RHSA-2021:3365)
  • 239601 Red Hat Update for sssd (RHSA-2021:3336)
  • 257111 CentOS Security Update for sssd (CESA-2021:3336)
  • 281817 Fedora Security Update for sssd (FEDORA-2021-140967fe27)
  • 281853 Fedora Security Update for sssd (FEDORA-2021-806b2ef8a1)
  • 352845 Amazon Linux Security Advisory for sssd: ALAS-2021-1542
  • 352852 Amazon Linux Security Advisory for sssd: ALAS2-2021-1715
  • 354866 Amazon Linux Security Advisory for sssd : ALAS-2023-1723
  • 377010 Alibaba Cloud Linux Security Update for sssd (ALINUX2-SA-2021:0054)
  • 377149 Alibaba Cloud Linux Security Update for sssd (ALINUX3-SA-2021:0063)
  • 670822 EulerOS Security Update for sssd (EulerOS-SA-2021-2724)
  • 670839 EulerOS Security Update for sssd (EulerOS-SA-2021-2699)
  • 670966 EulerOS Security Update for sssd (EulerOS-SA-2021-2646)
  • 670969 EulerOS Security Update for sssd (EulerOS-SA-2021-2675)
  • 751057 SUSE Enterprise Linux Security Update for sssd (SUSE-SU-2021:2873-1)
  • 751097 OpenSUSE Security Update for sssd (openSUSE-SU-2021:2941-1)
  • 751870 SUSE Enterprise Linux Security Update for sssd (SUSE-SU-2022:0826-1)
  • 752049 SUSE Enterprise Linux Security Update for sssd (SUSE-SU-2022:1258-1)
  • 752458 SUSE Enterprise Linux Security Update for sssd (SUSE-SU-2022:2763-1)
  • 940176 AlmaLinux Security Update for sssd (ALSA-2021:3151)
  • 960027 Rocky Linux Security Update for sssd (RLSA-2021:3151)
© CVE.report 2026