PT-2019-6159 · Systemd+6 · Systemd+6

Jann Horn

Published

2019-04-19

Updated

2024-06-15

CVE-2019-3844

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions systemd (affected versions not specified)

Description The issue is related to a systemd service that utilizes the DynamicUser property, allowing it to gain new privileges through the execution of SUID binaries. This could enable a local attacker to create binaries owned by the service's transient group with the setgid bit set, potentially accessing resources that will be owned by a different service in the future when the GID is recycled. The vulnerability is associated with incorrect privilege assignment, which may allow an attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-268

Related Identifiers

ALT-PU-2019-1690

BDU:2022-00317

CESA-2020_1794

CVE-2019-3844

OPENSUSE-SU-2024:11420-1

RHSA-2020:1794

RHSA-2020_1794

SUSE-SU-2019:1364-1

SUSE-SU-2019:1364-2

USN-4269-1

Affected Products

Alt Linux

Astra Linux

Centos

Red Hat

Suse

Ubuntu

Systemd

PT-2019-6159 · Systemd+6 · Systemd+6

CVE-2019-3844

Weakness Enumeration

Related Identifiers

Affected Products

References · 88