CVE-2019-3843
It was discovered that a systemd service that uses the DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID is recycled.
Related bugs and status
CVE-2019-3843 (Candidate) is related to these bugs:
Bug #1671951: networkd should allow configuring IPV6 MTU
Bug | Summary | In | Importance | Status
---|---|---|---|---
1671951 | networkd should allow configuring IPV6 MTU | systemd (Ubuntu) | Medium | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | systemd (Ubuntu Bionic) | Undecided | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | netplan.io (Ubuntu) | Undecided | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | netplan.io (Ubuntu Bionic) | Undecided | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | cloud-init (Ubuntu) | Undecided | Confirmed
1671951 | networkd should allow configuring IPV6 MTU | cloud-init (Ubuntu Bionic) | Undecided | Confirmed
1671951 | networkd should allow configuring IPV6 MTU | cloud-init (Ubuntu Disco) | Undecided | Won't Fix
1671951 | networkd should allow configuring IPV6 MTU | netplan.io (Ubuntu Disco) | Undecided | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | systemd (Ubuntu Disco) | Undecided | Won't Fix
1671951 | networkd should allow configuring IPV6 MTU | cloud-init (Ubuntu Focal) | Undecided | Confirmed
1671951 | networkd should allow configuring IPV6 MTU | netplan.io (Ubuntu Focal) | Undecided | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | systemd (Ubuntu Focal) | Medium | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | cloud-init (Ubuntu Eoan) | Undecided | Won't Fix
1671951 | networkd should allow configuring IPV6 MTU | netplan.io (Ubuntu Eoan) | Undecided | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | systemd (Ubuntu Eoan) | Undecided | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | systemd | Unknown | Unknown
Bug #1814596: DynamicUser can create setuid binaries when assisted by another process
Bug | Summary | In | Importance | Status
---|---|---|---|---
1814596 | DynamicUser can create setuid binaries when assisted by another process | systemd (Ubuntu) | Undecided | Fix Released
1814596 | DynamicUser can create setuid binaries when assisted by another process | systemd (Ubuntu Bionic) | Undecided | Fix Released
1814596 | DynamicUser can create setuid binaries when assisted by another process | systemd (Ubuntu Disco) | Undecided | Won't Fix
See the CVE page on Mitre.org for more details.