CVE-2019-15718

CVSS 4.4 - MEDIUM
  • Attack vector: LOCAL
  • Attack complexity: LOW
  • Privileges required: LOW
  • Confidentiality impact: LOW
  • Integrity impact: LOW
  • Availability impact: NONE

Summary

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance) calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.

Vulnerable Configurations

Part         Description      Count
Application  Systemd_Project  1
Application  Redhat           1
OS           Fedoraproject    3
OS           Redhat           24

Nessus

  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1054.NASL
    description: According to the version of the systemd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132808
    published: 2020-01-13
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132808
    title: EulerOS Virtualization for ARM 64 3.0.5.0 : systemd (EulerOS-SA-2020-1054)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2121.NASL
    description: According to the version of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system
    last seen: 2020-05-03
    modified: 2019-11-12
    plugin id: 130830
    published: 2019-11-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130830
    title: EulerOS 2.0 SP8 : systemd (EulerOS-SA-2019-2121)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-D5BD5F0AA4.NASL
    description: - Update to latest release - Emission of Session property-changed notifications from logind is fixed (this was breaking the switching of sessions to and from gnome). - Security issue: unprivileged users were allowed to change DNS servers configured in systemd-resolved. Now proper polkit authorization is required (CVE-2019-15718). Switching ttys will work again after reboot. Otherwise, no log out or reboot is required. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129651
    published: 2019-10-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129651
    title: Fedora 31 : systemd (2019-d5bd5f0aa4)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-24E1D561E5.NASL
    description: - Security issue: unprivileged users were allowed to change DNS servers configured in systemd-resolved (CVE-2019-15718). - Various minor fixes (memory issues, compat with newer kernels, log message improvements, etc.). - hwdb entries for keyboards are updated to the latest version No need to log out or reboot. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128535
    published: 2019-09-06
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128535
    title: Fedora 30 : systemd (2019-24e1d561e5)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-8A7DFDF1F3.NASL
    description: - Security issue: unprivileged users were allowed to change DNS servers configured in systemd-resolved (CVE-2019-15718) - hwdb entries for keyboards are updated to the latest version (#1725717) No need to log out or reboot. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129030
    published: 2019-09-19
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129030
    title: Fedora 29 : systemd (2019-8a7dfdf1f3)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-3592.NASL
    description: An update for systemd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: systemd-resolved allows unprivileged users to configure DNS (CVE-2019-15718) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130557
    published: 2019-11-06
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130557
    title: RHEL 8 : systemd (RHSA-2019:3592)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4120-1.NASL
    description: It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128506
    published: 2019-09-04
    reporter: Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128506
    title: Ubuntu 18.04 LTS / 19.04 : systemd vulnerability (USN-4120-1)

Redhat

advisories
  • bugzilla
    id: 1746057
    title: CVE-2019-15718 systemd: systemd-resolved allows unprivileged users to configure DNS
    oval:
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 8 is installed
        oval: oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment: systemd-debugsource is earlier than 0:239-18.el8
            oval: oval:com.redhat.rhsa:tst:20193592001
          • comment: systemd-debugsource is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190990016
        • AND
          • comment: systemd-udev is earlier than 0:239-18.el8
            oval: oval:com.redhat.rhsa:tst:20193592003
          • comment: systemd-udev is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190990018
        • AND
          • comment: systemd-tests is earlier than 0:239-18.el8
            oval: oval:com.redhat.rhsa:tst:20193592005
          • comment: systemd-tests is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190990004
        • AND
          • comment: systemd-pam is earlier than 0:239-18.el8
            oval: oval:com.redhat.rhsa:tst:20193592007
          • comment: systemd-pam is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190990002
        • AND
          • comment: systemd-libs is earlier than 0:239-18.el8
            oval: oval:com.redhat.rhsa:tst:20193592009
          • comment: systemd-libs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20152092016
        • AND
          • comment: systemd-journal-remote is earlier than 0:239-18.el8
            oval: oval:com.redhat.rhsa:tst:20193592011
          • comment: systemd-journal-remote is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190990012
        • AND
          • comment: systemd-devel is earlier than 0:239-18.el8
            oval: oval:com.redhat.rhsa:tst:20193592013
          • comment: systemd-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20152092020
        • AND
          • comment: systemd-container is earlier than 0:239-18.el8
            oval: oval:com.redhat.rhsa:tst:20193592015
          • comment: systemd-container is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190990010
        • AND
          • comment: systemd is earlier than 0:239-18.el8
            oval: oval:com.redhat.rhsa:tst:20193592017
          • comment: systemd is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20152092014
    rhsa:
    id: RHSA-2019:3592
    released: 2019-11-05
    severity: Moderate
    title: RHSA-2019:3592: systemd security, bug fix, and enhancement update (Moderate)
  • rhsa
    id: RHSA-2019:3941
rpms
  • systemd-0:239-18.el8
  • systemd-container-0:239-18.el8
  • systemd-container-debuginfo-0:239-18.el8
  • systemd-debuginfo-0:239-18.el8
  • systemd-debugsource-0:239-18.el8
  • systemd-devel-0:239-18.el8
  • systemd-journal-remote-0:239-18.el8
  • systemd-journal-remote-debuginfo-0:239-18.el8
  • systemd-libs-0:239-18.el8
  • systemd-libs-debuginfo-0:239-18.el8
  • systemd-pam-0:239-18.el8
  • systemd-pam-debuginfo-0:239-18.el8
  • systemd-tests-0:239-18.el8
  • systemd-tests-debuginfo-0:239-18.el8
  • systemd-udev-0:239-18.el8
  • systemd-udev-debuginfo-0:239-18.el8