Arch Linux Security Advisory ASA-201910-3
=========================================

Severity: Medium
Date    : 2019-10-02
CVE-ID  : CVE-2019-15718
Package : systemd
Type    : access restriction bypass
Remote  : No
Link    : https://security.archlinux.org/AVG-1035

Summary
=======

The package systemd before version 243.0-1 is vulnerable to access
restriction bypass.

Resolution
==========

Upgrade to 243.0-1.

# pacman -Syu "systemd>=243.0-1"

The problem has been fixed upstream in version 243.0.

Workaround
==========

None.

Description
===========

An improper authorization flaw was discovered in systemd-resolved
before v234 in the way it configures the exposed DBus interface
org.freedesktop.resolve1. An unprivileged local attacker could call all
DBus methods, even when marked as privileged operations. An attacker
could abuse this flaw by changing the DNS, Search Domain, LLMNR, DNSSEC
and other network link settings without any authorization, allowing
control of the network names resolution process and cause the system to
communicate with wrong or malicious servers. Those operations should be
performed only by an high-privileged user.

Impact
======

A local unprivileged attacker is able to change the DNS, Search Domain,
LLMNR, DNSSEC and other network link settings without any
authorization, allowing control of the network names resolution process
and cause the system to communicate with wrong or malicious servers.

References
==========

https://www.openwall.com/lists/oss-security/2019/09/03/1
https://bugzilla.redhat.com/show_bug.cgi?id=1746057
https://github.com/systemd/systemd/commit/d93d10c3d101a73fe70d24154fd744a48371f002
https://github.com/systemd/systemd/pull/13457
https://security.archlinux.org/CVE-2019-15718