Systemd- Linux Distros vulnerable to Malicious DNS response
June 29, 2017
Adeel Khan (25 articles)
Share

Systemd- Linux Distros vulnerable to Malicious DNS response

Systemd, a popular init system and service manager for Linux operating systems, that could allow attackers to remotely trigger buffer overflow and execute malicious code via a DNS response.

The vulnerability resides in ‘dns_packet_new’ function of ‘systemd-resolved’, a DNS response handler component that provides network name resolution to local applications and has been labelled as CVE-2017-9445.

It is also stated by the researcher that the ‘Systemd-resolved’ program can be crashed remotely if a malicious DNS response is sent when the system lookups for a hostname on an attacker-controlled DNS service. This can also allow the attacker to overwrite the memory leading to remote code execution.

The vulnerability is known to be present since Systemd version 223 and is present in all the versions that were released up to now including Systemd version 233.

Ubuntu versions 17.04 and version 16.10; Debian versions Stretch (aka Debian 9), Buster (aka 10), Sid (aka Unstable) and various other Linux distributions are all said to have the bug.

The good news is that the security patches have been released and it is recommended that all users and administrators patch up their systems and update their Linux distros as soon as possible.

Source: http://openwall.com/lists/oss-security/2017/06/27/8