CVE-2019-3842

Summary

CVE	CVE-2019-3842
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-04-09 21:29:00 UTC
Updated	2023-11-07 03:10:00 UTC
Description	In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".

Risk And Classification

Problem Types: CWE-863

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Fedoraproject	Fedora	30	All	All	All
Operating System	Fedoraproject	Fedora	30	All	All	All
Operating System	Redhat	Enterprise Linux	7.0	All	All	All
Operating System	Redhat	Enterprise Linux	7.0	All	All	All
Application	Systemd Project	Systemd	242	rc1	All	All
Application	Systemd Project	Systemd	242	rc2	All	All
Application	Systemd Project	Systemd	242	rc3	All	All
Application	Systemd Project	Systemd	242	rc1	All	All
Application	Systemd Project	Systemd	242	rc2	All	All
Application	Systemd Project	Systemd	242	rc3	All	All
Application	Systemd Project	Systemd	All	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] [DLA 1762-1] systemd security update	MLIST	lists.debian.org	Third Party Advisory
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8		lists.apache.org
Pony Mail!	MLIST	lists.apache.org
[SECURITY] Fedora 30 Update: systemd-241-5.git3d835d0.fc30 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org	Mailing List, Release Notes, Third Party Advisory
[SECURITY] Fedora 30 Update: systemd-241-5.git3d835d0.fc30 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit - Linux dos Exploit	EXPLOIT-DB	www.exploit-db.com	Exploit, Third Party Advisory, VDB Entry
[security-announce] openSUSE-SU-2019:1450-1: important: Security update	SUSE	lists.opensuse.org
Pony Mail!	MLIST	lists.apache.org
[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8		lists.apache.org
1668521 – (CVE-2019-3842) CVE-2019-3842 systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any"	CONFIRM	bugzilla.redhat.com	Issue Tracking, Vendor Advisory
systemd Seat Verification Active Session Spoofing ≈ Packet Storm	MISC	packetstormsecurity.com	Exploit, Third Party Advisory, VDB Entry
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159197 Oracle Enterprise Linux Security Update for systemd (ELSA-2021-1611)
239327 Red Hat Update for systemd (RHSA-2021:1611)
239693 Red Hat Update for systemd (RHSA-2021:3900)
354074 Amazon Linux Security Advisory for systemd : ALAS2-2022-1854
900080 CBL-Mariner Linux Security Update for systemd 239
903007 Common Base Linux Mariner (CBL-Mariner) Security Update for systemd (1800)
940184 AlmaLinux Security Update for systemd (ALSA-2021:1611)
960704 Rocky Linux Security Update for systemd (RLSA-2021:1611)