Vulnerabilities > CVE-2019-15718
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.
Vulnerable Configurations
Nessus
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1054.NASL description According to the version of the systemd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system last seen 2020-06-01 modified 2020-06-02 plugin id 132808 published 2020-01-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132808 title EulerOS Virtualization for ARM 64 3.0.5.0 : systemd (EulerOS-SA-2020-1054) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2121.NASL description According to the version of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system last seen 2020-05-03 modified 2019-11-12 plugin id 130830 published 2019-11-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130830 title EulerOS 2.0 SP8 : systemd (EulerOS-SA-2019-2121) NASL family Fedora Local Security Checks NASL id FEDORA_2019-D5BD5F0AA4.NASL description - Update to latest release - Emission of Session property-changed notifications from logind is fixed (this was breaking the switching of sessions to and from gnome). - Security issue: unprivileged users were allowed to change DNS servers configured in systemd-resolved. Now proper polkit authorization is required (CVE-2019-15718). Switching ttys will work again after reboot. Otherwise, no log out or reboot is required. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129651 published 2019-10-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129651 title Fedora 31 : systemd (2019-d5bd5f0aa4) NASL family Fedora Local Security Checks NASL id FEDORA_2019-24E1D561E5.NASL description - Security issue: unprivileged users were allowed to change DNS servers configured in systemd-resolved (CVE-2019-15718). - Various minor fixes (memory issues, compat with newer kernels, log message improvements, etc.). - hwdb entries for keyboards are updated to the latest version No need to log out or reboot. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128535 published 2019-09-06 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128535 title Fedora 30 : systemd (2019-24e1d561e5) NASL family Fedora Local Security Checks NASL id FEDORA_2019-8A7DFDF1F3.NASL description - Security issue: unprivileged users were allowed to change DNS servers configured in systemd-resolved (CVE-2019-15718) - hwdb entries for keyboards are updated to the latest version (#1725717) No need to log out or reboot. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129030 published 2019-09-19 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129030 title Fedora 29 : systemd (2019-8a7dfdf1f3) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3592.NASL description An update for systemd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: systemd-resolved allows unprivileged users to configure DNS (CVE-2019-15718) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 130557 published 2019-11-06 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130557 title RHEL 8 : systemd (RHSA-2019:3592) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4120-1.NASL description It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system last seen 2020-06-01 modified 2020-06-02 plugin id 128506 published 2019-09-04 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128506 title Ubuntu 18.04 LTS / 19.04 : systemd vulnerability (USN-4120-1)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://www.openwall.com/lists/oss-security/2019/09/03/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1746057
- https://access.redhat.com/errata/RHSA-2019:3592
- https://access.redhat.com/errata/RHSA-2019:3941
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/