systemd-resolved before v234 does not properly enforce access control on its D-Bus methods, allowing any unprivileged user to access its API. An attacker may use this flaw to configure the DNS, the Default Route or other properties of a network link. Those operations should be performed only by a high-privileged user.
https://bugzilla.redhat.com/show_bug.cgi?id=1746057
https://github.com/systemd/systemd/pull/13457/commits/35e528018f315798d3bffcb592b32a0d8f5162bd