Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Ubuntu 18.10: 3938-1 Moderate: Systemd PAM Privilege Escalation

ubuntu
Calendar Grey April 8, 2019
Dist Ubuntu Esm H88
A security issue in systemd PAM allows local attackers to gain elevated PolicyKit privileges in Ubuntu distributions.
The systemd PAM module could be used to gain additional PolicyKit privileges.

Summary

The systemd PAM module could be used to gain additional PolicyKit

privileges.

Software Description:

- systemd: system and service manager

Details:

Jann Horn discovered that pam_systemd created logind sessions using some

parameters from the environment. A local attacker could exploit this in

order to spoof the active session and gain additional PolicyKit

privileges.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  libpam-systemd                  239-7ubuntu10.12

Ubuntu 18.04 LTS:
  libpam-systemd                  237-3ubuntu10.19

Ubuntu 16.04 LTS:
  libpam-systemd                  229-4ubuntu21.21

Ubuntu 14.04 LTS:
  libpam-systemd                  204-5ubuntu20.31

In general, a standard system update will make all the necessary changes.

References

 

  CVE-2019-3842

Severity
important
Lowest
Low
Medium
High
Critical

April 08, 2019

Package Information

  https://launchpad.net/ubuntu/+source/systemd/239-7ubuntu10.12
  https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.19
  https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu21.21
  https://launchpad.net/ubuntu/+source/systemd/204-5ubuntu20.31

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.