SB2019090402 - Multiple vulnerabilities in systemd

Description

This security bulletin contains information about 2 vulnerabilities.

1) Incorrect default permissions (CVE-ID: CVE-2019-15718)

CWE-ID: CWE-276 - Incorrect Default Permissions

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to change DNS settings.

The vulnerability exists due to the systemd-resolved D-Bus interface does not enforce appropriate access controls. A local unprivileged user can modify DNS resolver settings.

2) Memory leak (CVE-ID: CVE-2019-20386)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak in button_open() function in login/logind-button.c in systemd. A remote attacker can execute the udevadm trigger command and perform denial of service attack.

Remediation

Install update from vendor's website.

References

• https://github.com/systemd/systemd/pull/13457/commits/35e528018f315798d3bffcb592b32a0d8f5162bd
• https://github.com/systemd/systemd/pull/13457
• https://www.openwall.com/lists/oss-security/2019/09/03/1
• https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad