CVE-2019-15718 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2019-15718

CVE-2019-15718

September 04, 2019

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.

Related Resources (13)

https://security-tracker.debian.org/tracker/CVE-2019-15718

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/

https://bugzilla.redhat.com/show_bug.cgi?id=1746057

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/

https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15718

https://access.redhat.com/errata/RHSA-2019:3592

https://access.redhat.com/security/cve/CVE-2019-15718

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/

https://access.redhat.com/errata/RHSA-2019:3941

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/