Revision Date: 2019-04-26
Version: 1
Title: CVE-2019-3843 on Ubuntu 16.04 LTS (xenial) - low.
Description: It was discovered that a systemd service that uses the DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID is recycled.
Family: unix
Class: vulnerability
Status:
Reference(s): CVE-2019-3843
Platform(s): Ubuntu 16.04 LTS
Product(s):
Definition Synopsis:
Ubuntu 16.04 LTS (xenial) is installed.
AND Package Information
NOT libnss-myhostname package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libnss-mymachines package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libnss-resolve package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libpam-systemd package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libsystemd0 package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libudev1 package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT systemd package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT systemd-container package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT systemd-coredump package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT systemd-journal-remote package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT systemd-sysv package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT udev package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').