CVE-2019-15718
Published: Sep 4, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance) calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://bugzilla.redhat.com/show_bug.cgi?id=1746057
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2019/09/03/1
x_refsource_MISC
FEDORA-2019-d5bd5f0aa4
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-24e1d561e5
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-8a7dfdf1f3
vendor-advisory
x_refsource_FEDORA
RHSA-2019:3592
vendor-advisory
x_refsource_REDHAT
RHSA-2019:3941
vendor-advisory
x_refsource_REDHAT