Privilege Chaining Affecting systemd Open this link in a new tab package, versions *

Although NVD CVSS Score is: 7.8 (High), when available we recommend using the distro's own rating score.

Attack Complexity

Low
Confidentiality

High
Integrity

High
Availability

High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-DEBIAN10-SYSTEMD-345386
published

26 Apr 2019
disclosed

26 Apr 2019

Report a new vulnerability Found a mistake?

Introduced: 26 Apr 2019

CVE-2019-3844 Open this link in a new tab CWE-268 Open this link in a new tab

How to fix?

There is no fixed version for Debian:10 systemd.

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd package.

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.

Privilege Chaining Affecting systemd Open this link in a new tab package, versions *

Attack Complexity

Confidentiality

Integrity

Availability

snyk-id

published

disclosed

Introduced: 26 Apr 2019

How to fix?

NVD Description

References