Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-3842 — Improper Authorization in Project Systemd

CWE-285 — Improper Authorization CWE-863 — Incorrect Authorization11 documents10 sources

Severity

7.0HIGHNVD

EPSS

0.1%

top 73.12%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Systemd Project Systemd THE Systemd Project Systemd Debian Linux +2 more

Timeline

PublishedApr 9

Latest updateMay 13

Description

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages3 packages

▶Debiansystemd_project/systemd< 241-3+3

▶NVDsystemd_project/systemd241+1

▶CVEListV5the_systemd_project/systemdv242-rc4

Also affects: Debian Linux 8.0, Fedora 30, Enterprise Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-c23j-qp89-q76c: In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable↗2022-05-13

▶

OSV

CVE-2019-3842: In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable↗2019-04-09

▶

CVEList

CVE-2019-3842: In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable↗2019-04-09

▶

💥Exploits & PoCs

Exploit-DB

systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit↗2019-04-23

▶

📋Vendor Advisories

Microsoft

In systemd before v242-rc4 it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker in some particular configura↗2019-04-09

▶

Ubuntu

systemd vulnerability↗2019-04-08

▶

Red Hat

systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any"↗2019-04-08

▶

Debian

CVE-2019-3842: systemd - In systemd before v242-rc4, it was discovered that pam_systemd does not properly...↗2019

▶

💬Community

Bugzilla

CVE-2019-3842 systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" [fedora-all]↗2019-04-09

▶

Bugzilla

CVE-2019-3842 systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any"↗2019-01-23

▶