It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Link | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843 | patch third party advisory issue tracking |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/ | vendor advisory |
| http://www.securityfocus.com/bid/108116 | third party advisory vdb entry |
| https://security.netapp.com/advisory/ntap-20190619-0002/ | third party advisory |
| https://usn.ubuntu.com/4269-1/ | third party advisory vendor advisory |
| https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | mailing list |
| https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | mailing list |