CVE-2019-3842

NameCVE-2019-3842
DescriptionIn systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1762-1, DSA-4428-1
NVD severitymedium (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
systemd (PTS)jessie215-17+deb8u7vulnerable
jessie (security)215-17+deb8u13fixed
stretch (security), stretch232-25+deb9u11fixed
buster241-3fixed
sid241-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
systemdsource(unstable)241-3medium
systemdsourcejessie215-17+deb8u12mediumDLA-1762-1
systemdsourcestretch232-25+deb9u11mediumDSA-4428-1

Notes

https://bugs.chromium.org/p/project-zero/issues/detail?id=1756
https://bugs.launchpad.net/bugs/1812316
https://github.com/systemd/systemd/commit/83d4ab55336ff8a0643c6aa627b31e351a24040a

Search for package or bug name: Reporting problems