Unrated severityNVD Advisory· Published Sep 4, 2019· Updated Aug 5, 2024
CVE-2019-15718
CVE-2019-15718
Description
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- systemd/systemddescription
- Range: = 240
- Range: = 240
Patches
Vulnerability mechanics
References
7- access.redhat.com/errata/RHSA-2019:3592mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2019:3941mitrevendor-advisoryx_refsource_REDHAT
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/mitrevendor-advisoryx_refsource_FEDORA
- www.openwall.com/lists/oss-security/2019/09/03/1mitrex_refsource_MISC
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
News mentions
0No linked articles in our index yet.