PT-2019-6355 · Red Hat+5 · Sssd+6

Publicado

2019-01-15

Atualizado

2024-06-15

CVE-2019-3811

CVSS v2.0

5.5

Média

Vetor

AV:A/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions sssd versions prior to 2.1

Description A vulnerability was found in sssd where it returns '/' (the root directory) instead of '' (the empty string / no home directory) when a user is configured with no home directory set. This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. The vulnerability is related to information disclosure, allowing an attacker to access the file system.

Recommendations For versions prior to 2.1, update to version 2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the root directory to minimize the risk of exploitation.

Correção

Files Accessible to External Parties

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-552CWE-200

Identificadores relacionados

ALT-PU-2019-1550

BDU:2023-03476

CESA-2019_2177

CVE-2019-3811

DLA-1635-1

DLA-3436-1

MGASA-2019-0152

OPENSUSE-SU-2019:0344-1

OPENSUSE-SU-2019_0344-1

OPENSUSE-SU-2019_1174-1

OPENSUSE-SU-2024:13446-1

RHSA-2019:2177

RHSA-2019_2177

SUSE-SU-2019:0542-1

SUSE-SU-2019:0552-1

SUSE-SU-2019:0556-1

SUSE-SU-2019:0805-1

SUSE-SU-2019_0542-1

SUSE-SU-2019_0552-1

SUSE-SU-2019_0805-1

USN-5067-1

Produtos afetados

Alt Linux

Centos

Linuxmint

Red Hat

Suse

Ubuntu

Sssd

PT-2019-6355 · Red Hat+5 · Sssd+6

CVE-2019-3811

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 60