CVE-2019-3842
CVE-2019-3842
Vexday Risk Score
33Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 4.5EPSS 1.2%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado
Lifecycle
09 Apr 2019Published on NVD
23 Apr 2019Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
The systemd Project · systemdpublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.htmlunverifiedcve_referencewww.exploit-db.com/exploits/46743/unverifiedexploitdbwww.exploit-db.com/exploits/46743unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.htmlhttp://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2019/04/msg00022.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/https://www.exploit-db.com/exploits/46743/