Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-3843

Опубликовано: 25 апр. 2019
Источник: redhat
CVSS3: 4.5

Описание

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future when the UID/GID will be recycled.

Отчет

This issue did not affect the versions of systemd as shipped with Red Hat Enterprise Linux 7 as they did not include support for DynamicUser property.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7systemdNot affected
Red Hat Enterprise Linux 8systemdFixedRHSA-2020:179428.04.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-266
https://bugzilla.redhat.com/show_bug.cgi?id=1684607systemd: services with DynamicUser can create SUID/SGID binaries

4.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-3843

CVSS3: 7.8
ubuntu
почти 7 лет назад

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

nvd логотип

CVE-2019-3843

CVSS3: 7.8
nvd
почти 7 лет назад

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

msrc логотип

CVE-2019-3843

CVSS3: 7.8
msrc
больше 5 лет назад

Описание отсутствует

debian логотип

CVE-2019-3843

CVSS3: 7.8
debian
почти 7 лет назад

It was discovered that a systemd service that uses DynamicUser propert ...

github логотип

GHSA-54p3-x8px-4jp3

CVSS3: 7.8
github
больше 3 лет назад

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

4.5 Medium

CVSS3