CVE-2019-3844

Published: 26 Apr 2019
Source: nvd
CVSS3: 4.5
CVSS3: 7.8
CVSS2: 4.6
EPSS: Low

Description

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.

Vulnerable configurations

Configuration 1
cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
Versions before 242 (exclusive)
Configuration 2

One of

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Configuration 3

One of

cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Configuration 4

All of

cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

EPSS

Percentile: 37%
0.0016
Low

CVSS3: 4.5 Medium

CVSS3: 7.8 High

CVSS2: 4.6 Medium

Weaknesses

CWE-268
NVD-CWE-noinfo

Related vulnerabilities

CVSS3: 7.8
ubuntu
almost 7 years ago

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.

CVSS3: 4.5
redhat
almost 7 years ago

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.

CVSS3: 7.8
msrc
more than 5 years ago

No description available

CVSS3: 7.8
debian
almost 7 years ago

It was discovered that a systemd service that uses DynamicUser propert ...

CVSS3: 7.8
github
more than 3 years ago

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
