PublicDateAtUSN: 2019-04-26 21:29:00 UTC Candidate: CVE-2019-3843 PublicDate: 2019-04-26 21:29:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843 https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable) https://ubuntu.com/security/notices/USN-4269-1 Description: It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled. Ubuntu-Description: Notes: Bugs: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928102 https://bugs.chromium.org/p/project-zero/issues/detail?id=1771 https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1814596 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843 Priority: low Discovered-by: Jann Horn Assigned-to: CVSS: nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH] nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH] Patches_systemd: upstream: https://github.com/systemd/systemd/commit/3c27973b13724ede05a06a5d346a569794cda433 upstream: https://github.com/systemd/systemd/commit/f69567cbe26d09eac9d387c0be0fc32c65a83ada upstream: https://github.com/systemd/systemd/commit/9d880b70ba5c6ca83c82952f4c90e86e56c7b70c upstream: https://github.com/systemd/systemd/commit/7445db6eb70e8d5989f481d0c5a08ace7047ae5b upstream: https://github.com/systemd/systemd/commit/62aa29247c3d74bcec0607c347f2be23cd90675d upstream: https://github.com/systemd/systemd/commit/bf65b7e0c9fc215897b676ab9a7c9d1c688143ba upstream: https://github.com/systemd/systemd-stable/commit/9e6e543c173460f394ea13c9b2aa572aef1f6833 upstream: https://github.com/systemd/systemd-stable/commit/3c27973b13724ede05a06a5d346a569794cda433 upstream: https://github.com/systemd/systemd-stable/commit/167fc10cb352b04d442c9010dab4f8dc24219749 upstream: https://github.com/systemd/systemd-stable/commit/f69567cbe26d09eac9d387c0be0fc32c65a83ada upstream: https://github.com/systemd/systemd-stable/commit/9d880b70ba5c6ca83c82952f4c90e86e56c7b70c upstream: https://github.com/systemd/systemd-stable/commit/7445db6eb70e8d5989f481d0c5a08ace7047ae5b upstream: https://github.com/systemd/systemd-stable/commit/62aa29247c3d74bcec0607c347f2be23cd90675d upstream: https://github.com/systemd/systemd-stable/commit/bf65b7e0c9fc215897b676ab9a7c9d1c688143ba upstream_systemd: needs-triage precise/esm_systemd: DNE trusty/esm_systemd: not-affected (code not present) xenial_systemd: not-affected (code not present) esm-infra/xenial_systemd: not-affected (code not present) bionic_systemd: released (237-3ubuntu10.38) cosmic_systemd: ignored (reached end-of-life) disco_systemd: ignored (reached end-of-life) eoan_systemd: not-affected (242-7ubuntu3.2) devel_systemd: not-affected (244.1-0ubuntu2)