CVE-2019-3844

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-3844

Severity

7.8

High

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.

References

https://nvd.nist.gov/vuln/detail/CVE-2019-3844
https://github.com/advisories/GHSA-h647-28xp-2hc8
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
http://www.securityfocus.com/bid/108096
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844
https://security.netapp.com/advisory/ntap-20190619-0002/
https://usn.ubuntu.com/4269-1/

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2019-3844

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company