ID CVE-2019-15718
Summary In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance) calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.
References
Vulnerable Configurations
  • cpe:2.3:a:freedesktop:systemd:240:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
redhat via4
advisories
  • bugzilla
    id 1746057
    title CVE-2019-15718 systemd: systemd-resolved allows unprivileged users to configure DNS
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment systemd is earlier than 0:239-18.el8
            oval oval:com.redhat.rhsa:tst:20193592001
          • comment systemd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092006
        • AND
          • comment systemd-container is earlier than 0:239-18.el8
            oval oval:com.redhat.rhsa:tst:20193592003
          • comment systemd-container is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190990004
        • AND
          • comment systemd-debugsource is earlier than 0:239-18.el8
            oval oval:com.redhat.rhsa:tst:20193592005
          • comment systemd-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190990006
        • AND
          • comment systemd-devel is earlier than 0:239-18.el8
            oval oval:com.redhat.rhsa:tst:20193592007
          • comment systemd-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092008
        • AND
          • comment systemd-journal-remote is earlier than 0:239-18.el8
            oval oval:com.redhat.rhsa:tst:20193592009
          • comment systemd-journal-remote is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190990010
        • AND
          • comment systemd-libs is earlier than 0:239-18.el8
            oval oval:com.redhat.rhsa:tst:20193592011
          • comment systemd-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092012
        • AND
          • comment systemd-pam is earlier than 0:239-18.el8
            oval oval:com.redhat.rhsa:tst:20193592013
          • comment systemd-pam is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190990014
        • AND
          • comment systemd-tests is earlier than 0:239-18.el8
            oval oval:com.redhat.rhsa:tst:20193592015
          • comment systemd-tests is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190990016
        • AND
          • comment systemd-udev is earlier than 0:239-18.el8
            oval oval:com.redhat.rhsa:tst:20193592017
          • comment systemd-udev is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190990018
    rhsa
    id RHSA-2019:3592
    released 2019-11-05
    severity Moderate
    title RHSA-2019:3592: systemd security, bug fix, and enhancement update (Moderate)
  • rhsa
    id RHSA-2019:3941
rpms
  • systemd-0:239-18.el8
  • systemd-container-0:239-18.el8
  • systemd-container-debuginfo-0:239-18.el8
  • systemd-debuginfo-0:239-18.el8
  • systemd-debugsource-0:239-18.el8
  • systemd-devel-0:239-18.el8
  • systemd-journal-remote-0:239-18.el8
  • systemd-journal-remote-debuginfo-0:239-18.el8
  • systemd-libs-0:239-18.el8
  • systemd-libs-debuginfo-0:239-18.el8
  • systemd-pam-0:239-18.el8
  • systemd-pam-debuginfo-0:239-18.el8
  • systemd-tests-0:239-18.el8
  • systemd-tests-debuginfo-0:239-18.el8
  • systemd-udev-0:239-18.el8
  • systemd-udev-debuginfo-0:239-18.el8
refmap via4
fedora
  • FEDORA-2019-24e1d561e5
  • FEDORA-2019-8a7dfdf1f3
  • FEDORA-2019-d5bd5f0aa4
misc
Last major update 24-08-2020 - 17:37
Published 04-09-2019 - 12:15
Last modified 24-08-2020 - 17:37