| ID | CVE-2019-15718 | ||||||
| Sažetak | In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings. | ||||||
| Reference |
|
||||||
| CVSS |
|
||||||
| Pristup |
|
||||||
| Impact |
|
||||||
| CVSS vektor | AV:L/AC:L/Au:N/C:P/I:P/A:N | ||||||
| Zadnje važnije ažuriranje | 07-11-2023 - 03:05 | ||||||
| Objavljeno | 04-09-2019 - 12:15 |

