CVE-2019-15718 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Access restriction bypass
Description	An improper authorization flaw was discovered in systemd-resolved before v234 in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local attacker could call all DBus methods, even when marked as privileged operations. An attacker could abuse this flaw by changing the DNS, Search Domain, LLMNR, DNSSEC and other network link settings without any authorization, allowing control of the network names resolution process and cause the system to communicate with wrong or malicious servers. Those operations should be performed only by an high-privileged user.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1035	systemd	242.84-2	243.0-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
02 Oct 2019	ASA-201910-3	AVG-1035	systemd	Medium	access restriction bypass

References
https://bugzilla.redhat.com/show_bug.cgi?id=1746057 https://github.com/systemd/systemd/commit/d93d10c3d101a73fe70d24154fd744a48371f002 https://github.com/systemd/systemd/pull/13457 https://www.openwall.com/lists/oss-security/2019/09/03/1

References

https://bugzilla.redhat.com/show_bug.cgi?id=1746057
https://github.com/systemd/systemd/commit/d93d10c3d101a73fe70d24154fd744a48371f002
https://github.com/systemd/systemd/pull/13457
https://www.openwall.com/lists/oss-security/2019/09/03/1