Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
himmelblau: NSS fake-primary group lookup reintroduces name collision risk
Vulnerability Description
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose mapped CN/short name exactly matches a privileged local group name (e.g., "sudo", "wheel", "docker", "adm") can cause the NSS module to resolve that group name to their fake primary group. If the system uses NSS results for group-based authorization decisions (sudo, polkit, etc.), this can grant the attacker the privileges of that group. This issue has been patched in versions 2.3.9 and 3.1.1.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
特权管理不恰当
Vulnerability Title
Himmelblau 安全漏洞
Vulnerability Description
Himmelblau是Himmelblau开源的一个 Azure Entra ID 身份验证模块。 Himmelblau存在安全漏洞,该漏洞源于在边缘情况命名冲突中存在条件性本地权限提升,映射的CN或短名称与特权本地组名完全匹配的已认证himmelblau用户可能导致NSS模块将该组名解析为其伪造的主组,若系统使用NSS结果进行基于组的授权决策,可能授予攻击者该组的权限。以下版本受到影响:2.0.0-alpha至2.3.9之前版本和3.0.0-alpha至3.1.1之前版本。
CVSS Information
N/A
Vulnerability Type
N/A