Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 679538 (CVE-2019-3811) - <sys-auth/sssd-1.16.3-r2: access validation error
Summary: <sys-auth/sssd-1.16.3-r2: access validation error
Alias: CVE-2019-3811
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on:
Reported: 2019-03-05 18:27 UTC by Joakim Tjernlund
Modified: 2019-03-08 15:11 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Joakim Tjernlund 2019-03-05 18:27:48 UTC
Please also fix bug:
Comment 1 Agostino Sarubbo gentoo-dev 2019-03-06 16:12:10 UTC
CVE-2019-3811: SSSD used to return “/” in case a user entry had no home directory. This was deemed a security issue because this flaw could impact services that restrict the user’s filesystem access to within their home directory. An empty home directory field would indicate “no filesystem access”, where sssd reporting it as “/” would grant full access (though still confined by unix permissions, SELinux etc).
Comment 2 Larry the Git Cow gentoo-dev 2019-03-08 15:10:30 UTC
The bug has been referenced in the following commit(s):

commit f85b90959ccdba7479d1fa455031e3bb0b839c14
Author:     Mikle Kolyada <>
AuthorDate: 2019-03-08 15:09:20 +0000
Commit:     Mikle Kolyada <>
CommitDate: 2019-03-08 15:10:17 +0000

    sys-auth/sssd: fix CVE-2019-3811
    Signed-off-by: Mikle Kolyada <>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch |  96 +++++++++
 sys-auth/sssd/sssd-1.16.3-r2.ebuild              | 239 +++++++++++++++++++++++
 2 files changed, 335 insertions(+)