Insecure default configuration in systemd



Updated: 2020-03-07
Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2019-14899
CWE-ID: CWE-16
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software: systemd (Server applications / Other server solutions)
Vendor: Freedesktop.org

Security Bulletin

This security bulletin contains information about 1 vulnerability.

Updated: 07.03.2020

Changed bulletin status to patched.

1) Insecure configuration

EUVDB-ID: #VU23460

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-14899

CWE-ID: CWE-16 - Configuration

Exploit availability: No

Description

The vulnerability allows a remote attacker to hijack the victim's VPN session.

The vulnerability exists due to a default configuration change in the "sysctl.d/50-default.conf" file that sets "net.ipv4.conf.all.rp_filter = 2". A remote attacker on the same local network as the victim can determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use.

Successful exploitation of this vulnerability may allow an attacker to hijack the VPN session.

Mitigation

Install the update from the vendor's website.
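
The check below is an added example, not code from this bulletin or from systemd: it reads the configured value of net.ipv4.conf.all.rp_filter from sysctl.d-style files and reports the mode each interface actually runs with. The function names and sample files are constructed for illustration, and the effective-mode calculation assumes the kernel rule that the higher of the "all" and per-interface values applies.

```shell
#!/bin/sh
# Added example, not systemd code. Modes: 0 = off, 1 = strict, 2 = loose.

# Print the last value assigned to net.ipv4.conf.all.rp_filter across the
# sysctl.d-style files given as arguments (later assignments win).
conf_rp_filter() {
    awk '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            line = $0
            sub(/^[ \t]*-?/, "", line)           # "-" prefix: ignore errors
            n = index(line, "=")
            if (n == 0) next
            key = substr(line, 1, n - 1); val = substr(line, n + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            gsub("/", ".", key)                  # slash-separated key form
            if (key == "net.ipv4.conf.all.rp_filter") last = val
        }
        END { if (last != "") print last }
    ' "$@"
}

# Kernel rule: source validation on an interface uses the higher of the
# "all" value and that interface's own value.
effective_rp_filter() {
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

# Report "<iface> <effective value> <mode>" for each interface under a
# /proc/sys/net/ipv4/conf-style tree (the "all" and "default" entries are skipped).
audit_rp_filter() {
    root=${1:-/proc/sys/net/ipv4/conf}
    all=$(cat "$root/all/rp_filter") || return 1
    for f in "$root"/*/rp_filter; do
        iface=$(basename "$(dirname "$f")")
        case "$iface" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$all" "$(cat "$f")")
        case "$eff" in 0) mode=off ;; 1) mode=strict ;; 2) mode=loose ;; *) mode=unknown ;; esac
        echo "$iface $eff $mode"
    done
}

# Constructed sample: a local drop-in that sorts after the packaged file.
demo=$(mktemp -d)
printf '# packaged default\nnet.ipv4.conf.all.rp_filter = 2\n' > "$demo/50-default.conf"
printf 'net/ipv4/conf/all/rp_filter=1\n' > "$demo/60-local.conf"
echo "configured: $(conf_rp_filter "$demo/50-default.conf" "$demo/60-local.conf")"
rm -rf "$demo"
```

Calling audit_rp_filter with no argument reads the live tree under /proc/sys/net/ipv4/conf on a Linux host.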

Vulnerable software versions

systemd: 240 - 244

External links

https://seclists.org/oss-sec/2019/q4/124


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


