CVE-2019-3842
CVE-2019-3842
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
The systemd Project · systemdpublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.htmlunverifiedcve_referencewww.exploit-db.com/exploits/46743/unverifiedexploitdbwww.exploit-db.com/exploits/46743unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.htmlhttp://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2019/04/msg00022.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/https://www.exploit-db.com/exploits/46743/