CVE-2019-15718 log

Source
Severity Medium
Remote No
Type Access restriction bypass
Description
An improper authorization flaw was discovered in systemd-resolved before v234 in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local attacker could call all DBus methods, even when marked as privileged operations. An attacker could abuse this flaw by changing the DNS, Search Domain, LLMNR, DNSSEC and other network link settings without any authorization, allowing control of the network names resolution process and cause the system to communicate with wrong or malicious servers. Those operations should be performed only by an high-privileged user.
Group Package Affected Fixed Severity Status Ticket
AVG-1035 systemd 242.84-2 243.0-1 Medium Fixed
Date Advisory Group Package Severity Description
02 Oct 2019 ASA-201910-3 AVG-1035 systemd Medium access restriction bypass
References
https://bugzilla.redhat.com/show_bug.cgi?id=1746057
https://github.com/systemd/systemd/commit/d93d10c3d101a73fe70d24154fd744a48371f002
https://github.com/systemd/systemd/pull/13457
https://www.openwall.com/lists/oss-security/2019/09/03/1