Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-3842

Опубликовано: 08 апр. 2019
Источник: redhat
CVSS3: 4.5
EPSS Низкий

Описание

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".

It was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".

Отчет

For the attack to be successful, a new session must be created by pam_systemd. This is done only if the calling process is not already part of a session. Red Hat Enterprise Linux, in its default PAM configurations, does not let a session sneak in without systemd knowing about it, since pam_systemd is always called in every PAM config file. Unless a wrong PAM config file is in place, this vulnerability cannot be triggered on Red Hat Enterprise Linux 7 and 8.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7systemdWill not fix
Red Hat Enterprise Linux 8systemdFixedRHSA-2021:161118.05.2021
Red Hat Enterprise Linux 8.2 Extended Update SupportsystemdFixedRHSA-2021:390019.10.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-863
https://bugzilla.redhat.com/show_bug.cgi?id=1668521systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any"

EPSS

Процентиль: 28%
0.001
Низкий

4.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-3842

CVSS3: 7
ubuntu
больше 6 лет назад

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".

nvd логотип

CVE-2019-3842

CVSS3: 7
nvd
больше 6 лет назад

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".

msrc логотип

CVE-2019-3842

CVSS3: 7
msrc
больше 5 лет назад

Описание отсутствует

debian логотип

CVE-2019-3842

CVSS3: 7
debian
больше 6 лет назад

In systemd before v242-rc4, it was discovered that pam_systemd does no ...

github логотип

GHSA-c23j-qp89-q76c

CVSS3: 7
github
больше 3 лет назад

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".

EPSS

Процентиль: 28%
0.001
Низкий

4.5 Medium

CVSS3