In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the systems DNS resolver settings.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Systemd | Systemd_project | 240 (including) | 240 (including) |
| Red Hat Enterprise Linux 8 | RedHat | systemd-0:239-18.el8 | * |
| Red Hat OpenShift Container Platform 4 | RedHat | machine-os-content-container | * |
| Systemd | Ubuntu | bionic | * |
| Systemd | Ubuntu | devel | * |
| Systemd | Ubuntu | disco | * |
| Systemd | Ubuntu | trusty | * |
| Systemd | Ubuntu | upstream | * |