CVE-2019-3842

NameCVE-2019-3842
DescriptionIn systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1762-1, DSA-4428-1, ELA-115-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
systemd (PTS)jessie, jessie (lts)215-17+deb8u15fixed
stretch (security)232-25+deb9u14fixed
stretch (lts), stretch232-25+deb9u17fixed
buster, buster (lts)241-7~deb10u11fixed
buster (security)241-7~deb10u10fixed
bullseye247.3-7+deb11u5fixed
bullseye (security)247.3-7+deb11u6fixed
bookworm252.31-1~deb12u1fixed
trixie257-2fixed
sid257.1-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
systemdsourcewheezy44-11+deb7u7ELA-115-1
systemdsourcejessie215-17+deb8u12DLA-1762-1
systemdsourcestretch232-25+deb9u11DSA-4428-1
systemdsource(unstable)241-3

Notes

https://bugs.chromium.org/p/project-zero/issues/detail?id=1756
https://bugs.launchpad.net/bugs/1812316
https://github.com/systemd/systemd/commit/83d4ab55336ff8a0643c6aa627b31e351a24040a

Search for package or bug name: Reporting problems