Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-3844

Опубликовано: 26 апр. 2019
Источник: ubuntu
Приоритет: low
CVSS2: 4.6
CVSS3: 7.8

Описание

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.

РелизСтатусПримечание
bionic

released

237-3ubuntu10.38
cosmic

ignored

end of life
devel

not-affected

244.1-0ubuntu2
disco

ignored

end of life
eoan

not-affected

242-7ubuntu3.2
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

released

237-3ubuntu10.38
esm-infra/xenial

not-affected

code not present
precise/esm

DNE

trusty/esm

not-affected

code not present

Показывать по

Ссылки на источники

4.6 Medium

CVSS2

7.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-3844

CVSS3: 4.5
redhat
почти 7 лет назад

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.

nvd логотип

CVE-2019-3844

CVSS3: 7.8
nvd
почти 7 лет назад

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.

msrc логотип

CVE-2019-3844

CVSS3: 7.8
msrc
больше 5 лет назад

Описание отсутствует

debian логотип

CVE-2019-3844

CVSS3: 7.8
debian
почти 7 лет назад

It was discovered that a systemd service that uses DynamicUser propert ...

github логотип

GHSA-h647-28xp-2hc8

CVSS3: 7.8
github
больше 3 лет назад

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.

4.6 Medium

CVSS2

7.8 High

CVSS3