4.4
CVE-2019-15718
- EPSS 0.51%
- Veröffentlicht 04.09.2019 12:15:11
- Zuletzt bearbeitet 21.11.2024 04:29:19
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Systemd Project ≫ Systemd Version240
Fedoraproject ≫ Fedora Version29
Fedoraproject ≫ Fedora Version30
Fedoraproject ≫ Fedora Version31
Redhat ≫ Openshift Container Platform Version4.1
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Eus Version8.1
Redhat ≫ Enterprise Linux Eus Version8.2
Redhat ≫ Enterprise Linux Eus Version8.4
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.1
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.2
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.4
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus S390x Version8.1
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus S390x Version8.2
Redhat ≫ Enterprise Linux For Power Little Endian Version8.0
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.1
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.2
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.4
Redhat ≫ Enterprise Linux Server Aus Version8.2
Redhat ≫ Enterprise Linux Server Aus Version8.4
Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.1
Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.2
Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.4
Redhat ≫ Enterprise Linux Server Tus Version8.2
Redhat ≫ Enterprise Linux Server Tus Version8.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.51% | 0.394 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 1.8 | 2.5 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 3.6 | 3.9 | 4.9 |
AV:L/AC:L/Au:N/C:P/I:P/A:N
|
http://www.openwall.com/lists/oss-security/2019/09/03/1
https://access.redhat.com/errata/RHSA-2019:3592
https://access.redhat.com/errata/RHSA-2019:3941
https://bugzilla.redhat.com/show_bug.cgi?id=1746057
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/