First published: Fri Mar 01 2019(Updated: )
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Systemd Project Systemd | <242 | |
Fedoraproject Fedora | =30 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.10 | |
Netapp Hci Management Node | ||
Netapp Snapprotect | ||
Netapp Solidfire | ||
Netapp Cn1610 Firmware | ||
Netapp Cn1610 | ||
redhat/systemd | <242 | 242 |
All of | ||
Netapp Cn1610 Firmware | ||
Netapp Cn1610 | ||
debian/systemd | 247.3-7+deb11u5 247.3-7+deb11u6 252.31-1~deb12u1 257~rc3-1 257-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2019-3843.
The severity of CVE-2019-3843 is high with a severity value of 7.8.
The affected software includes Systemd, Fedora, Canonical Ubuntu Linux, Netapp HCI Management Node, Netapp Snapprotect, Netapp Solidfire, and Netapp Cn1610 Firmware.
A local attacker may exploit CVE-2019-3843 by using a systemd service with DynamicUser property to create a SUID/SGID binary and access resources owned by a potentially different user.
You can find more information about CVE-2019-3843 on the SecurityFocus website and the Bugzilla Red Hat website.