Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-3843

Опубликовано: 26 апр. 2019
Источник: nvd
CVSS3: 4.5
CVSS3: 7.8
CVSS2: 4.6
EPSS Низкий

Описание

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
Версия до 242 (исключая)
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

EPSS

Процентиль: 33%
0.00128
Низкий

4.5 Medium

CVSS3

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-266
CWE-269

Связанные уязвимости

ubuntu логотип

CVE-2019-3843

CVSS3: 7.8
ubuntu
почти 7 лет назад

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

redhat логотип

CVE-2019-3843

CVSS3: 4.5
redhat
почти 7 лет назад

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

msrc логотип

CVE-2019-3843

CVSS3: 7.8
msrc
больше 5 лет назад

Описание отсутствует

debian логотип

CVE-2019-3843

CVSS3: 7.8
debian
почти 7 лет назад

It was discovered that a systemd service that uses DynamicUser propert ...

github логотип

GHSA-54p3-x8px-4jp3

CVSS3: 7.8
github
больше 3 лет назад

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

EPSS

Процентиль: 33%
0.00128
Низкий

4.5 Medium

CVSS3

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-266
CWE-269