The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user.
Name: Jakub Hrozek (Red Hat)
Created sssd tracking bugs for this issue:
Affects: fedora-all [bug 1595056]
To test, it is sufficient to run "ls -l /var/lib/sss/pipes/sudo". Before the patch, the permissions were open to anyone; after the patch, only root should have either read or write permissions.
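The same check in scriptable form, for auditing several hosts. This is an added example, not part of the original comment or of the sssd project. The function name pipe_mode_status and its return codes are made up for illustration, and it assumes GNU coreutils stat (stat -c), as shipped on RHEL and Fedora.

```shell
#!/bin/sh
# Added example: report whether the SSSD sudo pipe is readable or writable
# by anyone other than its owner (the condition described in this bug).
# Assumption: GNU coreutils stat is available (stat -c).

# pipe_mode_status PATH [OWNER_UID]   (hypothetical helper)
# Returns: 0 = only OWNER_UID (default 0, root) has read/write access
#          1 = group or other has read or write, or the owner differs
#          2 = path is missing or cannot be examined
pipe_mode_status() {
    path=$1
    want_uid=${2:-0}

    [ -e "$path" ] || return 2
    info=$(stat -c '%a %u' "$path" 2>/dev/null) || return 2
    mode=${info% *}     # octal permission bits, e.g. 666 or 600
    uid=${info#* }      # numeric owner

    # 066 masks the read and write bits for group and other.
    if [ $(( 0$mode & 066 )) -ne 0 ]; then
        return 1
    fi
    [ "$uid" = "$want_uid" ] || return 1
    return 0
}

# Stand-alone use: sh check_pipe.sh /var/lib/sss/pipes/sudo
if [ $# -gt 0 ]; then
    rc=0
    pipe_mode_status "$1" || rc=$?
    case $rc in
        0) echo "$1: OK, only uid 0 has read/write (mode $mode)" ;;
        1) echo "$1: too open or wrong owner (mode $mode, uid $uid)" ;;
        *) echo "$1: not found or not readable by stat" ;;
    esac
    exit "$rc"
fi
```

A return code of 2 on a host where SSSD's sudo responder is not in use only means the pipe does not exist there.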
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:3158 https://access.redhat.com/errata/RHSA-2018:3158
Red Hat Satellite since version 6.4 uses sssd from the Red Hat Enterprise Linux repositories, where this vulnerability is fixed.