CVE-2019-3844
systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
Se ha descubierto una vulnerabilidad en el servicio systemd que utilice la propiedad DynamicUser pudiendo obtener nuevos privilegios a través de la ejecución de binarios SUID, los cuales podrían permitir crear binarios pertenecientes al servicio transient group con el bit setgid, Un atacante local podría utilizar este fallo para acceder a recursos que pertenezcan a otro servicio futuro cuando el GID fuese reciclado.
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow a cooperating process to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future when the GID will be recycled.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-03 CVE Reserved
- 2019-04-25 CVE Published
- 2019-04-26 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-268: Privilege Chaining
CAPEC
References (9)
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/46760 | 2019-04-26 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| https://usn.ubuntu.com/4269-1 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2019-3844 | 2020-04-28 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1684610 | 2020-04-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | Cn1610 Firmware Search vendor "Netapp" for product "Cn1610 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Cn1610 Search vendor "Netapp" for product "Cn1610" | - | - |
Safe
|
| Systemd Project Search vendor "Systemd Project" | Systemd Search vendor "Systemd Project" for product "Systemd" | < 242 Search vendor "Systemd Project" for product "Systemd" and version " < 242" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Management Node Search vendor "Netapp" for product "Hci Management Node" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Snapprotect Search vendor "Netapp" for product "Snapprotect" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire Search vendor "Netapp" for product "Solidfire" | - | - |
Affected
| ||||||