[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-4428-1 systemd -- systemd

ID: oval:org.secpod.oval:def:603846Date: (C)2019-04-09   (M)2023-12-20
Class: PATCHFamily: unix




Jann Horn discovered that the PAM module in systemd insecurely uses the environment and lacks seat verification permitting spoofing an active session to PolicyKit. A remote attacker with SSH access can take advantage of this issue to gain PolicyKit privileges that are normally only granted to clients in an active session on the local console.

Platform:
Debian 9.x
Product:
systemd
libsystemd0
libnss-myhostname
libudev1
libsystemd-dev
libnss-systemd
libpam-systemd
libnss-mymachines
libnss-resolve
udev
libudev-dev
Reference:
DSA-4428-1
CVE-2019-3842
CVE    1
CVE-2019-3842
CPE    3
cpe:/a:ubuntu_developers:systemd
cpe:/o:debian:debian_linux:9.x
cpe:/o:debian:debian_linux:8.0

© SecPod Technologies