CVE-2019-15718

Name of the Vulnerable Software and Affected Versions systemd version 240

Description The issue is related to the function bus open system watch bind with description in shared/bus-util.c of the Systemd daemon, which has inadequate access control. This can be exploited by an unprivileged user to elevate their privileges and modify DNS settings by executing restricted D-Bus methods. The sd bus set trusted call disables access controls for incoming D-Bus messages, allowing the exploitation.

Recommendations For version 240, consider disabling the bus open system watch bind with description function as a temporary workaround until a patch is available. Restrict access to the systemd-resolved component to minimize the risk of exploitation. Avoid using the sd bus set trusted call in the affected D-Bus instance until the issue is resolved.