Vulnerability Name: CVE-2019-15718 (CCN-166496) Assigned: 2019-09-03 Published: 2019-09-03 Updated: 2022-02-20 Summary: In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings. CVSS v3 Severity: 4.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 3.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): None
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): HighAvailibility (A): None
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): None
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:C/A:N Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): CompleteAvailibility (A): None
Vulnerability Type: CWE-noinfo CWE-285 Vulnerability Consequences: Bypass Security References: Source: MITRECVE-2019-15718 http://www.openwall.com/lists/oss-security/2019/09/03/1 RHSA-2019:3592 RHSA-2019:3941 https://bugzilla.redhat.com/show_bug.cgi?id=1746057 systemd-cve201915718-sec-bypass(166496) Resolved issue #13457 FEDORA-2019-8a7dfdf1f3 FEDORA-2019-24e1d561e5 FEDORA-2019-d5bd5f0aa4 CVE-2019-15718: Missing access controls on systemd-resolved's D-Bus interface Vulnerable Configuration: Configuration 1 :cpe:/a:systemd_project:systemd:240:*:*:*:*:*:*:* Configuration 2 :cpe:/o:fedoraproject:fedora:29:*:*:*:*:*:*:* OR cpe:/o:fedoraproject:fedora:30:*:*:*:*:*:*:* OR cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:* Configuration 3 :cpe:/a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_8_s390x:*:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:* Oval Definitions BACK
systemd_project systemd 240
fedoraproject fedora 29
fedoraproject fedora 30
fedoraproject fedora 31
redhat openshift container platform 4.1
redhat enterprise linux 8.0
redhat enterprise linux eus 8.1
redhat enterprise linux eus 8.2
redhat enterprise linux eus 8.4
redhat enterprise linux for ibm z systems 8 s390x *
redhat enterprise linux for ibm z systems eus 8.1
redhat enterprise linux for ibm z systems eus 8.2
redhat enterprise linux for ibm z systems eus 8.4
redhat enterprise linux for ibm z systems eus s390x 8.1
redhat enterprise linux for ibm z systems eus s390x 8.2
redhat enterprise linux for power little endian 8.0
redhat enterprise linux for power little endian eus 8.1
redhat enterprise linux for power little endian eus 8.2
redhat enterprise linux for power little endian eus 8.4
redhat enterprise linux server aus 8.2
redhat enterprise linux server aus 8.4
redhat enterprise linux server for power little endian update services for sap solutions 8.1
redhat enterprise linux server for power little endian update services for sap solutions 8.2
redhat enterprise linux server for power little endian update services for sap solutions 8.4
redhat enterprise linux server tus 8.2
redhat enterprise linux server tus 8.4
redhat enterprise linux server update services for sap solutions 8.1
redhat enterprise linux server update services for sap solutions 8.2
redhat enterprise linux server update services for sap solutions 8.4
Denotes that component is vulnerable