Unrated severity · NVD Advisory · Published Jan 15, 2019 · Updated Feb 13, 2025
CVE-2019-3811
Description
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
Affected products (18)
- osv-coords, 16 versions:
  - pkg:rpm/opensuse/adcli&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/sssd&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/sssd&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/adcli&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/adcli&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/adcli&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
  - pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
  - pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
  - pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
  - pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
- (no CPE) range: < 0.8.2-lp150.4.1
- (no CPE) range: < 1.16.1-lp150.2.9.1
- (no CPE) range: < 2.9.3-2.1
- (no CPE) range: < 0.8.2-1.3.1
- (no CPE) range: < 0.8.2-1.3.1
- (no CPE) range: < 0.8.2-1.3.1
- (no CPE) range: < 1.13.4-34.31.1
- (no CPE) range: < 1.16.1-4.3.2
- (no CPE) range: < 1.16.1-3.15.1
- (no CPE) range: < 1.13.4-34.31.1
- (no CPE) range: < 1.16.1-4.3.2
- (no CPE) range: < 1.11.5.1-10.16.1
- (no CPE) range: < 1.13.4-34.31.1
- (no CPE) range: < 1.16.1-4.3.2
- (no CPE) range: < 1.13.4-34.31.1
- (no CPE) range: < 1.16.1-4.3.2
- The sssd Project/sssd (v5) range: 2.1
References (7)
- lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html (mitre, vendor-advisory, x_refsource_SUSE)
- access.redhat.com/errata/RHSA-2019:2177 (mitre, vendor-advisory, x_refsource_REDHAT)
- www.securityfocus.com/bid/106644 (mitre, vdb-entry, x_refsource_BID)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_CONFIRM)
- lists.debian.org/debian-lts-announce/2019/01/msg00011.html (mitre, mailing-list, x_refsource_MLIST)
- lists.debian.org/debian-lts-announce/2023/05/msg00028.html (mitre)