Denial of Service Vulnerability in SSSD Affects Multiple Ubuntu Releases
Severity: Medium (Score: 57.1)
Sources: Ubuntu, Linuxsecurity, launchpad.net
Keywords: ubuntu, sssd, issue, crash, responder, important, denial
Severity indicators: issue
Summary
A vulnerability in the System Security Services Daemon (SSSD) was discovered, affecting Ubuntu 26.04 LTS, 25.10, and 24.04 LTS. The flaw allows a local attacker to crash the SSSD PAM responder by sending specially crafted input, leading to a denial of service. The vulnerability arises from improper handling of raw bytes in the PAM passkey responder. Users are advised to update their systems to mitigate this issue. The affected package versions include sssd 2.12.0-1ubuntu5.1 for Ubuntu 26.04 LTS, among others. A standard system update will implement the necessary changes. The issue was detailed in Ubuntu Security Notice USN-8355-1.
Key Points:
- A vulnerability in SSSD could lead to denial of service for multiple Ubuntu versions.
- Affected versions include Ubuntu 26.04 LTS, 25.10, and 24.04 LTS.
- Users should update their systems to the latest package versions to mitigate the risk.
Detailed Analysis
**Impact** Multiple Ubuntu releases are affected, including Ubuntu 26.04 LTS, 25.10, and 24.04 LTS, as well as their derivatives. The vulnerability allows a local attacker to cause the SSSD PAM responder to crash, resulting in a denial of service. This can disrupt authentication services on affected systems, potentially impacting business operations relying on these Ubuntu versions. No data theft or corruption has been reported.

**Technical Details** The vulnerability arises from improper handling of raw bytes in the PAM passkey responder component of the System Security Services Daemon (SSSD). A local attacker can exploit this by supplying specially crafted input to cause the SSSD PAM responder to crash. No CVE identifier or malware/tools are mentioned. The attack targets the denial of service stage in the kill chain. No indicators of compromise (IOCs) are provided.

**Recommended Response** Apply the updated SSSD packages immediately: version 2.12.0-1ubuntu5.1 for Ubuntu 26.04 LTS, 2.10.1-2ubuntu5.2 for Ubuntu 25.10, and 2.9.4-1.1ubuntu6.5 for Ubuntu 24.04 LTS. Perform a standard system update to implement these patches. Monitor authentication services for unexpected crashes or disruptions. No additional detection rules or configuration changes are specified.
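The following script is an added example, not part of the advisory or of Ubuntu's tooling. It compares an installed sssd version against the fixed version listed above for each release. The function names, the `--check` flag and querying the `sssd` binary package are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare the installed sssd version with the fixed version
# listed on this page for the host's Ubuntu release.

# Fixed versions, copied from the Recommended Response above.
fixed_version() {
  case "$1" in
    26.04) echo "2.12.0-1ubuntu5.1" ;;
    25.10) echo "2.10.1-2ubuntu5.2" ;;
    24.04) echo "2.9.4-1.1ubuntu6.5" ;;
    *) return 1 ;;
  esac
}

# True when version $1 sorts strictly before $2. dpkg gives exact Debian
# ordering; the sort -V fallback is an approximation for hosts without dpkg.
ver_lt() {
  if command -v dpkg >/dev/null 2>&1; then
    dpkg --compare-versions "$1" lt "$2"
  else
    [ "$1" != "$2" ] &&
      [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
  fi
}

# sssd_status RELEASE INSTALLED_VERSION
# Prints: patched | vulnerable | not-installed | unlisted-release
sssd_status() {
  release=$1
  installed=$2
  [ -n "$installed" ] || { echo not-installed; return 0; }
  fixed=$(fixed_version "$release") || { echo unlisted-release; return 0; }
  if ver_lt "$installed" "$fixed"; then echo vulnerable; else echo patched; fi
}

# Query the local host (assumes /etc/os-release and dpkg-query are present).
check_host() {
  host_release=$(. /etc/os-release 2>/dev/null && printf '%s' "$VERSION_ID")
  host_version=$(dpkg-query -W -f='${Version}' sssd 2>/dev/null)
  printf 'Ubuntu %s, sssd %s: %s\n' "$host_release" \
    "${host_version:-none}" "$(sssd_status "$host_release" "$host_version")"
}

if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run it with `--check` on a host to print its status. `unlisted-release` means only that this page gives no fixed version for that release, not that the release is unaffected.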
Source articles (3)
- USN-8355-1: SSSD vulnerability — Ubuntu · 2026-06-01
  It was discovered that SSSD did not properly handle raw bytes in the PAM passkey responder. A local attacker could possibly use this issue to cause the SSSD PAM responder to crash, resulting in a deni…
- Sssd — launchpad.net · 2026-06-01
  libipa-hbac-dev: FreeIPA HBAC Evaluator library -- development files libipa-hbac0t64: FreeIPA HBAC Evaluator library libipa-hbac0t64-dbgsym: debug symbols for libipa-hbac0t64 libnss-sss: Nss library…
- Ubuntu 26.04 LTS sssd Important Denial of Service Vuln 2026 — Linuxsecurity · 2026-06-01
  A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS Summary: SSSD could be made to crash if it received specially crafted input.…
Timeline
- 2026-06-01 — SSSD vulnerability disclosed: A flaw in SSSD allows local attackers to crash the PAM responder, causing denial of service. Affected systems include Ubuntu 26.04 LTS, 25.10, and 24.04 LTS.
- 2026-06-01 — Ubuntu Security Notice USN-8355-1 published: The notice details the SSSD vulnerability and provides guidance for users to update their systems.
Related entities
- Denial of Service (Attack Type)
- Linux (Platform)
- Ubuntu (Company)