Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-3842

Опубликовано: 09 апр. 2019
Источник: ubuntu
Приоритет: medium
CVSS2: 4.4
CVSS3: 7

Описание

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".

РелизСтатусПримечание
bionic

released

237-3ubuntu10.19
cosmic

released

239-7ubuntu10.12
devel

released

240-6ubuntu4
esm-infra-legacy/trusty

released

204-5ubuntu20.31
esm-infra/bionic

released

237-3ubuntu10.19
esm-infra/xenial

released

229-4ubuntu21.21
precise/esm

DNE

trusty

released

204-5ubuntu20.31
trusty/esm

released

204-5ubuntu20.31
upstream

released

241-3

Показывать по

Ссылки на источники

4.4 Medium

CVSS2

7 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-3842

CVSS3: 4.5
redhat
больше 6 лет назад

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".

nvd логотип

CVE-2019-3842

CVSS3: 7
nvd
больше 6 лет назад

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".

msrc логотип

CVE-2019-3842

CVSS3: 7
msrc
больше 5 лет назад

Описание отсутствует

debian логотип

CVE-2019-3842

CVSS3: 7
debian
больше 6 лет назад

In systemd before v242-rc4, it was discovered that pam_systemd does no ...

github логотип

GHSA-c23j-qp89-q76c

CVSS3: 7
github
больше 3 лет назад

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".

4.4 Medium

CVSS2

7 High

CVSS3