Improper access control in System Security Services Daemon (SSSD) - CVE-2019-3811

 


Published: January 22, 2019


Vulnerability identifier: #VU17121
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-3811
CWE-ID: CWE-284
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: SSSD
Affected software:
System Security Services Daemon (SSSD)

Detailed vulnerability description

The vulnerability allows an adjacent authenticated attacker to bypass security restrictions, specifically a chroot()-based confinement to their home directory.

The vulnerability exists because SSSD returns '/' (the root directory) instead of '' (the empty string, i.e. no home directory) for a user whose account has no home directory configured. A service that restricts a user's filesystem access to their home directory by calling chroot() on the directory returned by the lookup therefore chroots into '/', which confines nothing, so an adjacent authenticated attacker whose account has no home directory can reach the entire filesystem through such a service.
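The following is an added example, not part of this advisory and not SSSD's or any affected service's own code. It shows the check a chroot()-based service should run on the home directory it receives from the name-service lookup before using it as the jail: the empty string a fixed SSSD returns and the '/' an unfixed SSSD returned must both be refused rather than passed to chroot(). The function names, verdict names and sample paths are assumptions for illustration. The on-disk check goes beyond the plain '/' string this CVE describes by comparing the directory's device and inode with those of "/", so aliases of the root ("//", "/.", "/home/..", a symlink to the root) are rejected as well.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Verdict on a home-directory string before it is trusted as a chroot() target. */
enum home_verdict {
    HOME_OK = 0,
    HOME_EMPTY,      /* "" : account has no home directory at all */
    HOME_IS_ROOT,    /* "/" or an alias of it: chroot() would confine nothing */
    HOME_RELATIVE,   /* not absolute: meaningless as a jail */
    HOME_NOT_DIR     /* does not exist or is not a directory */
};

/* Cheap string-only check: rejects the empty string a fixed SSSD returns and
 * the "/" an unfixed SSSD returned for an account without a home directory.
 * A path made only of '/' characters ("/", "//", ...) is the root directory. */
enum home_verdict check_home_path(const char *home)
{
    const char *p;

    if (home == NULL || home[0] == '\0')
        return HOME_EMPTY;
    if (home[0] != '/')
        return HOME_RELATIVE;
    for (p = home; *p != '\0'; p++)
        if (*p != '/')
            return HOME_OK;
    return HOME_IS_ROOT;
}

/* Filesystem check: the path must be an existing directory, and it must not
 * resolve to the same device/inode as "/" (catches "/.", "/home/..", or a
 * symlink pointing at the root, which the string check cannot see). */
enum home_verdict check_home_on_disk(const char *home)
{
    struct stat st_home, st_root;
    enum home_verdict v = check_home_path(home);

    if (v != HOME_OK)
        return v;
    if (stat(home, &st_home) != 0 || !S_ISDIR(st_home.st_mode))
        return HOME_NOT_DIR;
    if (stat("/", &st_root) == 0 &&
        st_home.st_dev == st_root.st_dev && st_home.st_ino == st_root.st_ino)
        return HOME_IS_ROOT;
    return HOME_OK;
}

/* Confine the calling process to the user's home directory.
 * Returns 0 on success, a positive home_verdict when the directory was
 * rejected (no chroot() attempted), or -1 with errno set when chroot()/chdir()
 * failed. Needs CAP_SYS_CHROOT; the caller should drop privileges afterwards. */
int confine_to_home(const char *home)
{
    enum home_verdict v = check_home_on_disk(home);

    if (v != HOME_OK)
        return (int)v;
    if (chroot(home) != 0)
        return -1;
    if (chdir("/") != 0)      /* chroot() leaves cwd outside the jail; move inside */
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs (not real lookup results): the value a fixed
     * SSSD returns for an account without a home directory, the value the
     * unfixed SSSD returned, two aliases of the root, and ordinary paths. */
    static const char *const samples[] = { "", "/", "//", "/.", "/home/alice", "home/alice" };
    static const char *const names[] = { "OK", "EMPTY", "IS_ROOT", "RELATIVE", "NOT_DIR" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s string check: %-9s on-disk check: %s\n",
               samples[i][0] ? samples[i] : "\"\"",
               names[check_home_path(samples[i])],
               names[check_home_on_disk(samples[i])]);
    return 0;
}
```

The verdict functions run unprivileged; confine_to_home() only succeeds as root (or with CAP_SYS_CHROOT) on a real directory. The design point is that the string check and the on-disk check are both needed: the string check is what catches this CVE's '/' and the empty string, while the inode comparison is what stops a directory that merely looks different from "/" on paper.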


How to mitigate CVE-2019-3811

Update SSSD to version 2.1 or later.

Sources