CVE-2019-3842
First published: Tue Apr 09 2019(Updated: )
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Systemd Project Systemd | <=241 | |
| Systemd Project Systemd | =242-rc1 | |
| Systemd Project Systemd | =242-rc2 | |
| Systemd Project Systemd | =242-rc3 | |
| Redhat Enterprise Linux | =7.0 | |
| Fedoraproject Fedora | =30 | |
| Debian Debian Linux | =8.0 | |
| IBM Cloud Pak for Security (CP4S) | <=1.7.2.0 | |
| IBM Cloud Pak for Security (CP4S) | <=1.7.1.0 | |
| IBM Cloud Pak for Security (CP4S) | <=1.7.0.0 | |
| <=241 | ||
| =242-rc1 | ||
| =242-rc2 | ||
| =242-rc3 | ||
| =7.0 | ||
| =30 | ||
| =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html
- http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/
- https://www.exploit-db.com/exploits/46743/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/159257
- https://www.ibm.com/support/pages/node/6493729 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
Frequently Asked Questions
What is CVE-2019-3842?
CVE-2019-3842 is a vulnerability in the systemd software that allows a local authenticated attacker to gain elevated privileges on the system.
How does CVE-2019-3842 work?
In systemd before v242-rc4, pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable, allowing an attacker to set a malicious XDG_SEAT environment variable and execute commands with elevated privileges.
Which software versions are affected by CVE-2019-3842?
IBM Cloud Pak for Security (CP4S) versions 1.7.2.0, 1.7.1.0, and 1.7.0.0, as well as systemd version 241 and versions 242-rc1, 242-rc2, and 242-rc3 are affected by CVE-2019-3842.
How severe is CVE-2019-3842?
CVE-2019-3842 has a severity level of 7, which is considered high.
How can I fix CVE-2019-3842?
Upgrade to systemd version v242-rc4 or a later version that includes the patch for CVE-2019-3842.
- collector/nvd-index
- agent/weakness
- agent/type
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- agent/trending
- vendor/systemd project
- canonical/systemd project systemd
- version/systemd project systemd/241
- version/systemd project systemd/242-rc1
- version/systemd project systemd/242-rc2
- version/systemd project systemd/242-rc3
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- vendor/ibm
- canonical/ibm cloud pak for security (cp4s)
- version/ibm cloud pak for security (cp4s)/1.7.2.0
- version/ibm cloud pak for security (cp4s)/1.7.1.0
- version/ibm cloud pak for security (cp4s)/1.7.0.0