| Revision Date: | 2019-04-26 | Version: | 1 | | Title: | CVE-2019-3844 on Ubuntu 16.04 LTS (xenial) - low. | | Description: | It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2019-3844
| | Platform(s): | Ubuntu 16.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 16.04 LTS (xenial) is installed. AND Package Information
NOT libnss-myhostname package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libnss-mymachines package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libnss-resolve package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libpam-systemd package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libsystemd0 package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libudev1 package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT systemd package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT systemd-container package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT systemd-coredump package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT systemd-journal-remote package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT systemd-sysv package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT udev package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
|
|