First Last Prev Next    This bug is not in your last search results.
Bug 1133509 - (CVE-2019-3844) VUL-0: CVE-2019-3844: systemd: services with DynamicUser can get new privileges and create SGID binaries
(CVE-2019-3844)
VUL-0: CVE-2019-3844: systemd: services with DynamicUser can get new privileg...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/230355/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-04-26 09:34 UTC by Marcus Meissner
Modified: 2021-07-19 14:00 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2019-04-26 09:34:52 UTC 
rh#1684610

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1684610
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3844
Comment 1 Franck Bui 2019-05-10 07:57:45 UTC 
I submitted new MR#192322 which should fix both this bug and bsc#1133506.

Re-assigning to the secteam.
Comment 3 Swamp Workflow Management 2019-05-28 13:15:47 UTC 
SUSE-SU-2019:1364-1: An update that solves four vulnerabilities and has 9 fixes is now available.

Category: security (moderate)
Bug References: 1036463,1121563,1124122,1125352,1125604,1126056,1127557,1130230,1132348,1132400,1132721,1133506,1133509
CVE References: CVE-2019-3842,CVE-2019-3843,CVE-2019-3844,CVE-2019-6454
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    systemd-234-24.30.1, systemd-mini-234-24.30.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    systemd-234-24.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 4 Swamp Workflow Management 2019-07-15 20:13:56 UTC 
SUSE-SU-2019:1364-2: An update that solves four vulnerabilities and has 9 fixes is now available.

Category: security (moderate)
Bug References: 1036463,1121563,1124122,1125352,1125604,1126056,1127557,1130230,1132348,1132400,1132721,1133506,1133509
CVE References: CVE-2019-3842,CVE-2019-3843,CVE-2019-3844,CVE-2019-6454
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    systemd-234-24.30.1, systemd-mini-234-24.30.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    systemd-234-24.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Marcus Meissner 2019-07-18 06:22:17 UTC 
done (leap 15 is in queue)
Comment 6 Marcus Meissner 2021-07-19 14:00:18 UTC 
The DynamicUser feature is not available in systemd on SLES 12, so SLE12 is not affected.
First Last Prev Next    This bug is not in your last search results.