CVE 2019-3844
It was discovered that a systemd service that uses the DynamicUser property can get new privileges through the execution of SUID binaries, which would allow it to create binaries owned by the service's transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID is recycled.
Related bugs and status
CVE-2019-3844 (Candidate) is related to these bugs:
Bug #1671951: networkd should allow configuring IPV6 MTU
Bug | Summary | In | Importance | Status
---|---|---|---|---
1671951 | networkd should allow configuring IPV6 MTU | systemd (Ubuntu) | Medium | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | systemd (Ubuntu Bionic) | Undecided | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | netplan.io (Ubuntu) | Undecided | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | netplan.io (Ubuntu Bionic) | Undecided | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | cloud-init (Ubuntu) | Undecided | Confirmed
1671951 | networkd should allow configuring IPV6 MTU | cloud-init (Ubuntu Bionic) | Undecided | Confirmed
1671951 | networkd should allow configuring IPV6 MTU | cloud-init (Ubuntu Disco) | Undecided | Won't Fix
1671951 | networkd should allow configuring IPV6 MTU | netplan.io (Ubuntu Disco) | Undecided | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | systemd (Ubuntu Disco) | Undecided | Won't Fix
1671951 | networkd should allow configuring IPV6 MTU | cloud-init (Ubuntu Focal) | Undecided | Confirmed
1671951 | networkd should allow configuring IPV6 MTU | netplan.io (Ubuntu Focal) | Undecided | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | systemd (Ubuntu Focal) | Medium | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | cloud-init (Ubuntu Eoan) | Undecided | Confirmed
1671951 | networkd should allow configuring IPV6 MTU | netplan.io (Ubuntu Eoan) | Undecided | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | systemd (Ubuntu Eoan) | Undecided | Fix Released
1671951 | networkd should allow configuring IPV6 MTU | systemd | Unknown | Unknown
Bug #1814596: DynamicUser can create setuid binaries when assisted by another process
Bug | Summary | In | Importance | Status
---|---|---|---|---
1814596 | DynamicUser can create setuid binaries when assisted by another process | systemd (Ubuntu) | Undecided | Fix Released
1814596 | DynamicUser can create setuid binaries when assisted by another process | systemd (Ubuntu Bionic) | Undecided | Fix Released
1814596 | DynamicUser can create setuid binaries when assisted by another process | systemd (Ubuntu Disco) | Undecided | Won't Fix
See the CVE page on Mitre.org for more details.