CVE-2019-15718 vulnerability in FreeDesktop and Other Products
Published on September 4, 2019

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2019-15718

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-15718 are published in these products:

FreeDesktop Systemd

Fedora Project Fedora

Systemdproject Systemd

Red Hat Openshift Container Platform

Red Hat Enterprise Linux (RHEL)

Red Hat Enterprise Linux Eus

Red Hat Enterprise Linux Ibm Z Systems 8 S390x

Red Hat Enterprise Linux Ibm Z Systems Eus

Red Hat Enterprise Linux Ibm Z Systems Eus S390x

Red Hat Enterprise Linux Power Little Endian

Red Hat Enterprise Linux Power Little Endian Eus

Red Hat Enterprise Linux Server Aus

Red Hat Enterprise Linux Server Power Little Endian Update Services Sap Solutions

Red Hat Enterprise Linux Server Tus

Red Hat Enterprise Linux Server Update Services Sap Solutions

Exploit Probability

EPSS

0.11%

Percentile

29.17%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-15718 vulnerability in FreeDesktop and Other ProductsPublished on September 4, 2019

Products Associated with CVE-2019-15718

Exploit Probability

CVE-2019-15718 vulnerability in FreeDesktop and Other Products
Published on September 4, 2019