CVE-2019-3811

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.

References

Affected packages

Git / github.com/sssd/sssd

Affected ranges

Type: GIT
Repo: https://github.com/sssd/sssd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3aee2b3a83e3a7c0fda11927fd84424e4d473fa4

Affected versions

Other

sssd-0_2_0

sssd-0_2_1

sssd-0_3_1

sssd-0_3_2

sssd-0_3_3

sssd-0_4_0

sssd-0_4_1

sssd-0_5_0

sssd-0_6_0

sssd-0_7_0

sssd-0_99_0

sssd-1_0_99

sssd-1_10_0

sssd-1_10_90

sssd-1_10_92

sssd-1_10_alpha1

sssd-1_10_beta1

sssd-1_10_beta2

sssd-1_11_0

sssd-1_11_0_beta1

sssd-1_11_0_beta2

sssd-1_11_90

sssd-1_11_91

sssd-1_12_0

sssd-1_12_0_beta1

sssd-1_12_0_beta2

sssd-1_12_1

sssd-1_12_2

sssd-1_12_3

sssd-1_12_90

sssd-1_13_0

sssd-1_13_0_alpha

sssd-1_13_1

sssd-1_13_90

sssd-1_13_91

sssd-1_14_0

sssd-1_14_0_alpha1

sssd-1_14_0_beta1

sssd-1_14_1

sssd-1_14_2

sssd-1_15_0

sssd-1_15_1

sssd-1_15_2

sssd-1_15_3

sssd-1_16_0

sssd-1_16_1

sssd-1_16_2

sssd-1_16_3

sssd-1_2_91

sssd-1_3_0

sssd-1_4_0

sssd-1_5_0

sssd-1_5_1

sssd-1_6_0

sssd-1_8_91

sssd-1_8_92

sssd-1_8_93

sssd-1_8_94

sssd-1_8_95

sssd-1_8_96

sssd-1_8_97

sssd-1_8_98

sssd-1_9_0

sssd-1_9_0_beta1

sssd-1_9_0_beta2

sssd-1_9_0_beta3

sssd-1_9_0_beta4

sssd-1_9_0_beta5

sssd-1_9_0_beta6

sssd-1_9_0_beta7

sssd-1_9_0_rc1

sssd-1_9_1

sssd-1_9_2

sssd-1_9_91

sssd-1_9_92

sssd-1_9_93

sssd-1_9_94