CVE-2019-3844
First published: Fri Mar 01 2019(Updated: )
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Systemd Project Systemd | <242 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.10 | |
| Netapp Hci Management Node | ||
| Netapp Snapprotect | ||
| Netapp Solidfire | ||
| Netapp Cn1610 Firmware | ||
| Netapp Cn1610 | ||
| redhat/systemd | <242 | 242 |
| All of | ||
| Netapp Cn1610 Firmware | ||
| Netapp Cn1610 | ||
| debian/systemd | 247.3-7+deb11u5 247.3-7+deb11u6 252.31-1~deb12u1 257-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/108096
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://security.netapp.com/advisory/ntap-20190619-0002/
- https://usn.ubuntu.com/4269-1/
- https://launchpad.net/bugs/cve/CVE-2019-3844
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://github.com/systemd/systemd/commit/bf65b7e0c9fc215897b676ab9a7c9d1c688143ba
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1771
- https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1814596
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1703357
- https://access.redhat.com/errata/RHSA-2020:1794
- https://access.redhat.com/security/cve/cve-2019-3844
- https://bugzilla.redhat.com/show_bug.cgi?id=1684610
- https://security-tracker.debian.org/tracker/CVE-2019-3844
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844
- https://nvd.nist.gov/vuln/detail/CVE-2019-3844
- https://ubuntu.com/security/CVE-2019-3844
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2019-3844.
What is the severity of CVE-2019-3844?
The severity of CVE-2019-3844 is high with a severity value of 7.8.
Which software and versions are affected by CVE-2019-3844?
The following software and versions are affected by CVE-2019-3844: Systemd Project Systemd (up to version 242), Canonical Ubuntu Linux 16.04 LTS, Canonical Ubuntu Linux 18.04 LTS, Canonical Ubuntu Linux 19.10, Netapp HCI Management Node, Netapp Snapprotect, Netapp Solidfire, and Netapp Cn1610 Firmware.
How can a local attacker exploit CVE-2019-3844?
A local attacker can exploit CVE-2019-3844 by using a systemd service with DynamicUser property to execute SUID binaries and create binaries owned by the service transient group with the setgid bit set, which can grant new privileges and access resources.
Are there any known remedies or fixes for CVE-2019-3844?
Yes, there are known remedies or fixes for CVE-2019-3844. For example, the Ubuntu package `systemd` can be fixed by applying version 237-3ubuntu10.38.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-3844
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/tags
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/nvd-api
- vendor/systemd project
- canonical/systemd project systemd
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.10
- vendor/netapp
- canonical/netapp hci management node
- canonical/netapp snapprotect
- canonical/netapp solidfire
- canonical/netapp cn1610 firmware
- canonical/netapp cn1610
- package-manager/redhat
- package-manager/debian