PT-2019-6355 · Red Hat+5 · Sssd+6

Published

2019-01-15

Updated

2024-06-15

CVE-2019-3811

CVSS v2.0

5.5

Medium

Vector

AV:A/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions sssd versions prior to 2.1

Description A vulnerability was found in sssd where it returns '/' (the root directory) instead of '' (the empty string / no home directory) when a user is configured with no home directory set. This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. The vulnerability is related to information disclosure, allowing an attacker to access the file system.

Recommendations For versions prior to 2.1, update to version 2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the root directory to minimize the risk of exploitation.

Fix

Files Accessible to External Parties

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-552CWE-200

Related Identifiers

ALT-PU-2019-1550

BDU:2023-03476

CESA-2019_2177

CVE-2019-3811

DLA-1635-1

DLA-3436-1

MGASA-2019-0152

OPENSUSE-SU-2019:0344-1

OPENSUSE-SU-2019_0344-1

OPENSUSE-SU-2019_1174-1

OPENSUSE-SU-2024:13446-1

RHSA-2019:2177

RHSA-2019_2177

SUSE-SU-2019:0542-1

SUSE-SU-2019:0552-1

SUSE-SU-2019:0556-1

SUSE-SU-2019:0805-1

SUSE-SU-2019_0542-1

SUSE-SU-2019_0552-1

SUSE-SU-2019_0805-1

USN-5067-1

Affected Products

Alt Linux

Centos

Linuxmint

Red Hat

Suse

Ubuntu

Sssd

PT-2019-6355 · Red Hat+5 · Sssd+6

CVE-2019-3811

Weakness Enumeration

Related Identifiers

Affected Products

References · 60