CVE-2019-3811

LOW

Description

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.

References

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html

http://www.securityfocus.com/bid/106644

https://access.redhat.com/errata/RHSA-2019:2177

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811

https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html

Details

Source: MITRE

Published: 2019-01-15

Updated: 2019-08-06

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 2.7

Vector: AV:A/AC:L/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 5.1

Severity: LOW

CVSS v3.0

Base Score: 5.2

Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.5

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
132447NewStart CGSL CORE 5.05 / MAIN 5.05 : sssd Multiple Vulnerabilities (NS-SA-2019-0241)NessusNewStart CGSL Local Security Checks
medium
130402Amazon Linux 2 : sssd (ALAS-2019-1343)NessusAmazon Linux Local Security Checks
medium
129890NewStart CGSL CORE 5.04 / MAIN 5.04 : sssd Multiple Vulnerabilities (NS-SA-2019-0195)NessusNewStart CGSL Local Security Checks
medium
129797Amazon Linux AMI : sssd (ALAS-2019-1307)NessusAmazon Linux Local Security Checks
medium
129245EulerOS 2.0 SP3 : sssd (EulerOS-SA-2019-2052)NessusHuawei Local Security Checks
low
128370CentOS 7 : sssd (CESA-2019:2177)NessusCentOS Local Security Checks
medium
128264Scientific Linux Security Update : sssd on SL7.x x86_64 (20190806)NessusScientific Linux Local Security Checks
medium
127691RHEL 7 : sssd (RHSA-2019:2177)NessusRed Hat Local Security Checks
medium
126881EulerOS 2.0 SP2 : sssd (EulerOS-SA-2019-1754)NessusHuawei Local Security Checks
low
126543EulerOS Virtualization for ARM 64 3.0.2.0 : sssd (EulerOS-SA-2019-1701)NessusHuawei Local Security Checks
low
126296EulerOS 2.0 SP5 : sssd (EulerOS-SA-2019-1669)NessusHuawei Local Security Checks
low
126287EulerOS 2.0 SP8 : sssd (EulerOS-SA-2019-1660)NessusHuawei Local Security Checks
low
123991openSUSE Security Update : sssd (openSUSE-2019-1174)NessusSuSE Local Security Checks
low
123549SUSE SLED12 / SLES12 Security Update : Recommended update for adcli, sssd (SUSE-SU-2019:0805-1)NessusSuSE Local Security Checks
low
122941openSUSE Security Update : sssd (openSUSE-2019-344)NessusSuSE Local Security Checks
low
122665SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2019:0556-1)NessusSuSE Local Security Checks
medium
122663SUSE SLES12 Security Update : sssd (SUSE-SU-2019:0552-1)NessusSuSE Local Security Checks
low
122645SUSE SLED15 / SLES15 Security Update : sssd (SUSE-SU-2019:0542-1)NessusSuSE Local Security Checks
low
121233Debian DLA-1635-1 : sssd security updateNessusDebian Local Security Checks
low