4.4

CVE-2019-15718

Exploit

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.

Data is provided by the National Vulnerability Database (NVD)
Systemd ProjectSystemd Version240
FedoraprojectFedora Version29
FedoraprojectFedora Version30
FedoraprojectFedora Version31
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Eus Version8.1
RedhatEnterprise Linux Eus Version8.2
RedhatEnterprise Linux Eus Version8.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.11% 0.292
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.4 1.8 2.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:P/I:P/A:N
http://www.openwall.com/lists/oss-security/2019/09/03/1
Third Party Advisory
Exploit
Mailing List
https://access.redhat.com/errata/RHSA-2019:3592
Third Party Advisory
Issue Tracking
https://access.redhat.com/errata/RHSA-2019:3941
Patch
Third Party Advisory
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1746057
Patch
Third Party Advisory
Issue Tracking