Unknown
CVE-2019-15718
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2019-15718
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system’s DNS resolver settings.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- enterprise linux 8.0,
- enterprise linux eus 8.1,
- enterprise linux eus 8.2,
- enterprise linux eus 8.4,
- enterprise linux for ibm z systems 8 s390x,
- enterprise linux for ibm z systems eus 8.1,
- enterprise linux for ibm z systems eus 8.2,
- enterprise linux for ibm z systems eus 8.4,
- enterprise linux for ibm z systems eus s390x 8.1,
- enterprise linux for ibm z systems eus s390x 8.2,
- enterprise linux for power little endian 8.0,
- enterprise linux for power little endian eus 8.1,
- enterprise linux for power little endian eus 8.2,
- enterprise linux for power little endian eus 8.4,
- enterprise linux server aus 8.2,
- enterprise linux server aus 8.4,
- enterprise linux server for power little endian update services for sap solutions 8.1,
- enterprise linux server for power little endian update services for sap solutions 8.2,
- enterprise linux server for power little endian update services for sap solutions 8.4,
- enterprise linux server tus 8.2,
- enterprise linux server tus 8.4,
- enterprise linux server update services for sap solutions 8.1,
- enterprise linux server update services for sap solutions 8.2,
- enterprise linux server update services for sap solutions 8.4,
- fedora 29,
- fedora 30,
- fedora 31,
- openshift container platform 4.1,
- systemd 240
References
Advisory
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
