In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T00:56:22.337Z

Reserved: 2019-08-28T00:00:00

Link: CVE-2019-15718

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-09-04T12:15:11.170

Modified: 2024-11-21T04:29:19.297

Link: CVE-2019-15718

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-09-03T15:00:00Z

Links: CVE-2019-15718 - Bugzilla

cve-icon OpenCVE Enrichment

No data.