Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-3843

Опубликовано: 26 апр. 2019
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.6
CVSS3: 7.8

Описание

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

РелизСтатусПримечание
bionic

released

237-3ubuntu10.38
cosmic

ignored

end of life
devel

not-affected

244.1-0ubuntu2
disco

ignored

end of life
eoan

not-affected

242-7ubuntu3.2
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

released

237-3ubuntu10.38
esm-infra/xenial

not-affected

code not present
precise/esm

DNE

trusty/esm

not-affected

code not present

Показывать по

Ссылки на источники

EPSS

Процентиль: 33%
0.00128
Низкий

4.6 Medium

CVSS2

7.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-3843

CVSS3: 4.5
redhat
почти 7 лет назад

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

nvd логотип

CVE-2019-3843

CVSS3: 7.8
nvd
почти 7 лет назад

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

msrc логотип

CVE-2019-3843

CVSS3: 7.8
msrc
больше 5 лет назад

Описание отсутствует

debian логотип

CVE-2019-3843

CVSS3: 7.8
debian
почти 7 лет назад

It was discovered that a systemd service that uses DynamicUser propert ...

github логотип

GHSA-54p3-x8px-4jp3

CVSS3: 7.8
github
больше 3 лет назад

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

EPSS

Процентиль: 33%
0.00128
Низкий

4.6 Medium

CVSS2

7.8 High

CVSS3