Access Restriction Bypass in systemd

Do your applications use this vulnerable package? Test your applications

Overview

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".

References

Debian Security Announcement
Debian Security Tracker
Exploit DB
Fedora Security Update
MISC
OpenSuse Security Announcement
RedHat Bugzilla Bug
Ubuntu CVE Tracker

Attack Vector

Local
Attack Complexity

High
Privileges Required

Low
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2019-3842
CWE: CWE-264 CWE-285
Snyk ID: SNYK-DEBIAN9-SYSTEMD-342746
Disclosed: 09 Apr, 2019
Published: 09 Apr, 2019

Access Restriction Bypass
Affecting systemd package, versions <232-25+deb9u11

Overview

References

CVSS Score

Access Restriction Bypass Affecting systemd package, versions <232-25+deb9u11

Overview

References

Access Restriction Bypass
Affecting systemd package, versions <232-25+deb9u11