7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
59.2%
Debian Security Advisory DSA-4428-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
April 08, 2019 https://www.debian.org/security/faq
Package : systemd
CVE ID : CVE-2019-3842
Jann Horn discovered that the PAM module in systemd insecurely uses the
environment and lacks seat verification permitting spoofing an active
session to PolicyKit. A remote attacker with SSH access can take
advantage of this issue to gain PolicyKit privileges that are normally
only granted to clients in an active session on the local console.
For the stable distribution (stretch), this problem has been fixed in
version 232-25+deb9u11.
This update includes updates previously scheduled to be released in the
stretch 9.9 point release.
We recommend that you upgrade your systemd packages.
For the detailed security status of systemd please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/systemd
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | i386 | gir1.2-gudev-1.0 | < 215-17+deb8u12 | gir1.2-gudev-1.0_215-17+deb8u12_i386.deb |
Debian | 9 | ppc64el | libudev1 | < 232-25+deb9u11 | libudev1_232-25+deb9u11_ppc64el.deb |
Debian | 9 | ppc64el | libnss-resolve-dbgsym | < 232-25+deb9u11 | libnss-resolve-dbgsym_232-25+deb9u11_ppc64el.deb |
Debian | 9 | armhf | systemd-journal-remote-dbgsym | < 232-25+deb9u11 | systemd-journal-remote-dbgsym_232-25+deb9u11_armhf.deb |
Debian | 8 | amd64 | libudev1 | < 215-17+deb8u12 | libudev1_215-17+deb8u12_amd64.deb |
Debian | 8 | i386 | libsystemd-journal0 | < 215-17+deb8u12 | libsystemd-journal0_215-17+deb8u12_i386.deb |
Debian | 9 | i386 | libudev-dev | < 232-25+deb9u11 | libudev-dev_232-25+deb9u11_i386.deb |
Debian | 9 | arm64 | libnss-mymachines-dbgsym | < 232-25+deb9u11 | libnss-mymachines-dbgsym_232-25+deb9u11_arm64.deb |
Debian | 9 | mips | libnss-myhostname | < 232-25+deb9u11 | libnss-myhostname_232-25+deb9u11_mips.deb |
Debian | 9 | armel | libnss-systemd-dbgsym | < 232-25+deb9u11 | libnss-systemd-dbgsym_232-25+deb9u11_armel.deb |
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
59.2%