CVE-2019-15718

Related Vulnerabilities: CVE-2019-15718  

Impact: Moderate
Public Date: 2019-09-03
CWE: CWE-285
Bugzilla: 1746057: CVE-2019-15718 systemd: systemd-resolved allows unprivileged users to configure DNS

An improper authorization flaw was discovered in systemd-resolved in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local attacker could call all DBus methods, even when marked as privileged operations. An attacker could abuse this flaw by changing the DNS, Search Domain, LLMNR, DNSSEC and other network link settings without any authorization, allowing control of the network name resolution process and causing the system to communicate with wrong or malicious servers.

Find out more about CVE-2019-15718 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue does not affect the versions of systemd as shipped with Red Hat Enterprise Linux 7 as the shipped systemd-resolved does not provide any privileged DBus method.
This issue does affect the versions of systemd as shipped with Red Hat Enterprise Linux 8; however, the systemd-resolved service is not enabled by default, so the flaw cannot be exploited unless the service was manually enabled.

The flaw was rated as Moderate as it requires a local attacker and changing the DNS servers cannot compromise the system by itself, though it could be used for phishing attacks or to redirect the users to malicious websites. Moreover, on Red Hat Enterprise Linux 8 systemd-resolved needs to be manually enabled by an administrator to make the system vulnerable.

OpenShift Container Platform 4 includes a vulnerable version of systemd on RHEL CoreOS nodes. However, the systemd-resolved service is removed from RHEL CoreOS instances, making this vulnerability not exploitable. This flaw is rated Low for OpenShift Container Platform 4.

Red Hat Enterprise Linux 8:
This vulnerability is currently targeted to be addressed in an upcoming release.

Red Hat OpenShift Container Platform 4.1:
This vulnerability is currently targeted to be addressed in an upcoming release.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score: 0
CVSS3 Base Metrics: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity Impact: None
Availability Impact: None

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat OpenShift Container Platform 4.1 | systemd | Affected |
| Red Hat Enterprise Linux 8 | systemd | Affected |
| Red Hat Enterprise Linux 7 | systemd | Not affected |

Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although they may not have been subject to full analysis.

Mitigation

Disable systemd-resolved service by using `sudo systemctl disable systemd-resolved`.
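
The Statement and the Mitigation both hinge on whether systemd-resolved is enabled, and `systemctl disable` only removes boot-time enablement without stopping an instance that is already running. The following added example (not Red Hat's tooling; the function names and verdict labels are hypothetical) classifies a host from the output of `systemctl is-enabled` and `systemctl is-active`, assuming the installed systemd is an affected version.

```shell
#!/bin/sh
# Added example: classify exposure to CVE-2019-15718 from unit state.
# Assumption: the installed systemd package is an affected version.

# classify_resolved ENABLED_STATE ACTIVE_STATE
# Arguments are the strings printed by `systemctl is-enabled` and
# `systemctl is-active` for systemd-resolved.service.
classify_resolved() {
    enabled_state=$1
    active_state=$2
    case "$active_state" in
        active|activating|reloading)
            # The DBus interface is reachable right now.
            case "$enabled_state" in
                enabled|enabled-runtime) echo "EXPOSED: running and enabled" ;;
                *) echo "EXPOSED: running now, not enabled at boot" ;;
            esac
            return 0 ;;
    esac
    case "$enabled_state" in
        enabled|enabled-runtime)
            echo "AT-RISK: enabled, will start at next boot" ;;
        masked|masked-runtime|disabled)
            echo "OK: not running, not enabled" ;;
        not-found|"")
            # Older systemd prints nothing on stdout for a missing unit.
            echo "OK: unit not installed" ;;
        *)
            echo "REVIEW: state '$enabled_state' can still be started" ;;
    esac
}

# Query the local host and classify it.
audit_host() {
    unit=systemd-resolved.service
    enabled_state=$(systemctl is-enabled "$unit" 2>/dev/null || true)
    active_state=$(systemctl is-active "$unit" 2>/dev/null || true)
    classify_resolved "$enabled_state" "$active_state"
}

# Run the live check only when asked: sh check.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```

A host reported as "running now, not enabled at boot" is one where the service was disabled but never stopped.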