6 matches found
MiracleLinux 8 : systemd-239-45.el8 (AXSA:2021-2177:05)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2177:05 advisory. systemd: Spoofing of XDGSEAT allows for actions to be checked against allowactive instead of allowany CVE-2019-3842 systemd: Mishandles numerical...
SUSE CVE-2019-3842
In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...
systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any"
It was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polkit policies using the...
In systemd before v242-rc4 it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker in some particular configurations to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".
...
The vulnerability of the pam_systemd module of the systemd daemon, related to the improper use of environmental variables, allows a attacker to compromise the confidentiality, integrity, and accessibility of protected data.
The vulnerability of the pamsystemd module in the systemd initialization daemon is related to improper cleaning of the environment before using the variable XDGSEAT. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected data...
UBUNTU-CVE-2019-3842
In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...