CVE-2019-3811

Published: 15/01/2019 Updated: 29/05/2023
CVSS v2 Base Score: 2.7 | Impact Score: 2.9 | Exploitability Score: 5.1
CVSS v3 Base Score: 5.2 | Impact Score: 3.6 | Exploitability Score: 1.5
VMScore: 240
Vector: AV:A/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions prior to 2.1 are vulnerable.

Vulnerable Product

fedoraproject sssd

debian debian linux 8.0

fedoraproject fedora -

opensuse leap 42.3

opensuse leap 15.0

redhat enterprise linux 7.0

Vendor Advisories

Synopsis: Moderate: sssd security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for sssd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ( ...
Debian Bug report logs - #902860 sssd: CVE-2018-10852: information leak from the sssd-sudo responder. Package: src:sssd; Maintainer for src:sssd is Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 2 Jul 2018 12:39:01 UTC; Severity: important; Ta ...
Debian Bug report logs - #919051 sssd: CVE-2019-3811: fallback_homedir returns '/' for empty home directories in passwd file. Package: src:sssd; Maintainer for src:sssd is Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 12 Jan 2019 10:42:01 UTC ...
A flaw was found in the sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to too strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access (CVE-2018-16838). A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd ...