CVE-2019-3842

HIGH

systemd < 242-rc4 - Improper Authorization via XDG_SEAT Environment Variable

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-3842. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages environment variable manipulation in pam_systemd to bypass polkit authentication policies by spoofing a local console session. It demonstrates privilege escalation by tricking systemd-logind into treating an SSH session as a local active session.

Description

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoslinux

https://www.exploit-db.com/exploits/46743

View Code ZIP pw:eip

This exploit leverages environment variable manipulation in pam_systemd to bypass polkit authentication policies by spoofing a local console session. It demonstrates privilege escalation by tricking systemd-logind into treating an SSH session as a local active session.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: polkit with systemd-logind (pam_systemd)

Auth required

Prerequisites: SSH access to the target machine · Valid user credentials for 'su' · No active sessions on the target machine · Target machine must be displaying a login prompt on tty1

MITRE ATT&CK

T1548.002 - Bypass User Account Control T1553.004 - Install Root Certificate

devstral-2 · analyzed Feb 16, 2026 Full analysis →