CVE-2019-15718

Impact:
Moderate
Public Date:
2019-09-03
CWE:
CWE-285
Bugzilla:
1746057: CVE-2019-15718 systemd: systemd-resolved allows unprivileged users to configure DNS
An improper authorization flaw was discovered in systemd-resolved in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local attacker could call all DBus methods, even when marked as privileged operations. An attacker could abuse this flaw by changing the DNS, Search Domain, LLMNR, DNSSEC and other network link settings without any authorization, allowing control of the network names resolution process and cause the system to communicate with wrong or malicious servers.

Find out more about CVE-2019-15718 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue does not affect the versions of systemd as shipped with Red Hat Enterprise Linux 7 as the shipped systemd-resolved does not provide any privileged DBus method.
This issue does affect the versions of systemd as shipped with Red Hat Enterprise Linux 8, however the systemd-resolved service is not enabled by default, so the flaw cannot be exploited unless the service was manually enabled.

The flaw was rated as Moderate as it requires a local attacker and changing the DNS servers cannot compromise the system by itself, though it could be used for phishing attacks or to redirect the users to malicious websites. Moreover, on Red Hat Enterprise Linux 8 systemd-resolved needs to be manually enabled by an administrator to make the system vulnerable.

OpenShift Container Platform 4 includes a vulnerable version of systemd on RHEL CoreOS nodes. However, the systemd-resolved service is removed from RHEL CoreOS instances, making this vulnerability not exploitable. This flaw is rated Low for OpenShift Container Platform 4.

Red Hat Enterprise Linux 8:
This vulnerability is currently targeted to be addressed in an upcoming release.

Red Hat OpenShift Container Platform 4.1:
This vulnerability is currently targeted to be addressed in an upcoming release.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 5.3
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Impact Low
Availability Impact Low

Affected Packages State

Platform Package State
Red Hat OpenShift Container Platform 4.1 systemd Affected
Red Hat Enterprise Linux 8 systemd Affected
Red Hat Enterprise Linux 7 systemd Not affected
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.

Mitigation

Disable systemd-resolved service by using `sudo systemctl disable systemd-resolved`.

Last Modified