Vulnerability Name: CVE-2019-15718 (CCN-166496) Assigned: 2019-09-03 Published: 2019-09-03 Updated: 2022-02-20 Summary: In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings. CVSS v3 Severity: 4.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N )3.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): None
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N )4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): HighAvailibility (A): None
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L )4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N )Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): None
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:C/A:N )Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): CompleteAvailibility (A): None
Vulnerability Type: CWE-noinfo CWE-285 Vulnerability Consequences: Bypass Security References: Source: MITRE Type: CNACVE-2019-15718 Source: MISC Type: Exploit, Mailing List, Third Party Advisoryhttp://www.openwall.com/lists/oss-security/2019/09/03/1 Source: REDHAT Type: Issue Tracking, Third Party AdvisoryRHSA-2019:3592 Source: REDHAT Type: Issue Tracking, Patch, Third Party AdvisoryRHSA-2019:3941 Source: MISC Type: Issue Tracking, Patch, Third Party Advisoryhttps://bugzilla.redhat.com/show_bug.cgi?id=1746057 Source: XF Type: UNKNOWNsystemd-cve201915718-sec-bypass(166496) Source: CCN Type: systemd GIT RepositoryResolved issue #13457 Source: FEDORA Type: Mailing List, Third Party AdvisoryFEDORA-2019-8a7dfdf1f3 Source: FEDORA Type: Mailing List, Third Party AdvisoryFEDORA-2019-24e1d561e5 Source: FEDORA Type: Mailing List, Third Party AdvisoryFEDORA-2019-d5bd5f0aa4 Source: CCN Type: oss-sec Mailing List, Tue, 3 Sep 2019 19:35:00 +0100CVE-2019-15718: Missing access controls on systemd-resolved's D-Bus interface Vulnerable Configuration: Configuration 1 :cpe:/a:systemd_project:systemd:240:*:*:*:*:*:*:* Configuration 2 :cpe:/o:fedoraproject:fedora:29:*:*:*:*:*:*:* OR cpe:/o:fedoraproject:fedora:30:*:*:*:*:*:*:* OR cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:* Configuration 3 :cpe:/a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_8_s390x:*:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:* Denotes that component is vulnerable Oval Definitions BACK
systemd_project systemd 240
fedoraproject fedora 29
fedoraproject fedora 30
fedoraproject fedora 31
redhat openshift container platform 4.1
redhat enterprise linux 8.0
redhat enterprise linux eus 8.1
redhat enterprise linux eus 8.2
redhat enterprise linux eus 8.4
redhat enterprise linux for ibm z systems 8 s390x *
redhat enterprise linux for ibm z systems eus 8.1
redhat enterprise linux for ibm z systems eus 8.2
redhat enterprise linux for ibm z systems eus 8.4
redhat enterprise linux for ibm z systems eus s390x 8.1
redhat enterprise linux for ibm z systems eus s390x 8.2
redhat enterprise linux for power little endian 8.0
redhat enterprise linux for power little endian eus 8.1
redhat enterprise linux for power little endian eus 8.2
redhat enterprise linux for power little endian eus 8.4
redhat enterprise linux server aus 8.2
redhat enterprise linux server aus 8.4
redhat enterprise linux server for power little endian update services for sap solutions 8.1
redhat enterprise linux server for power little endian update services for sap solutions 8.2
redhat enterprise linux server for power little endian update services for sap solutions 8.4
redhat enterprise linux server tus 8.2
redhat enterprise linux server tus 8.4
redhat enterprise linux server update services for sap solutions 8.1
redhat enterprise linux server update services for sap solutions 8.2
redhat enterprise linux server update services for sap solutions 8.4