Status
Not open for further replies.

Exterminator

Linux Systemd Vulnerability Enables DNS Attacks

In January 2017, security researcher Sebastian Krahmer found a bug in Linux systems which could be exploited to grant cyber-attackers root access to a targeted machine. On June 27, 2017, software engineer Chris Coulson reported a different systems vulnerability.

The CVE-2017-9445 bug can be exploited by cyber-attackers with TCP packets that trick the systemd initialization daemon into enabling the execution of malicious code, or into triggering system crashes.

According to Coulson, “Certain sizes passed to dns_packet_new can cause it to allocate a buffer that's too small. A page-aligned number - sizeof(DnsPacket) + sizeof(iphdr) + sizeof(udphdr) will do this—so, on x86 this will be a page-aligned number - 80. Eg, calling dns_packet_new with a size of 4016 on x86 will result in an allocation of 4096 bytes, but 108 bytes of this are for the DnsPacket struct.
A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved in to allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.”

Coulson reports that the bug was introduced in systemd version 233 in 2015, and affects versions through 233.

Linux's systemd is a crucial feature, which is used by many distributions to bootstrap the user space and manage all subsequent processes. The program was created by Red Hat developers. Distributions that can be exploited through systemd vulnerabilities include Debian, Ubuntu, Arch Linux, OpenSUSE, SUSE Linux Enterprise server, Gentoo Linux, Fedora, and CentOS.

Ubuntu developer Canonical has addressed the vulnerability. On Tuesday, they released a fix for Ubuntu 17.04 and Ubuntu 16.10. According to Red Hat, the vulnerability doesn't affect the versions of systemd that are used in Red Hat Enterprise Linux 7. Debian responded to the CVE-2017-9445 report by explaining that their distributions use the vulnerable versions of systemd, but it's not a concern for them because the affected systemd-resolved service is disabled by default.
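Added example, not part of the original post and not systemd source: a small C model of the sizing arithmetic in Coulson's quote, next to a sizing that treats the requested size as payload. The 108-byte struct, 4096-byte page and 4016-byte request come from the quote; the function names, the header subtraction (inferred from the quoted formula) and the corrected variant are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define PAGE_SZ     4096u  /* x86 page size, as in the quote */
#define STRUCT_SZ   108u   /* sizeof(DnsPacket) on x86, per the quote */
#define IP_UDP_HDR  28u    /* sizeof(iphdr) 20 + sizeof(udphdr) 8 */

/* Round n up to the next multiple of the page size. */
static size_t page_align(size_t n) {
    return (n + PAGE_SZ - 1) & ~(size_t)(PAGE_SZ - 1);
}

/* Model of the flawed sizing (assumption): the requested size is treated as
 * an MTU, so IP+UDP headers are subtracted before struct + payload is
 * rounded up to a page. Returns the payload bytes available after the struct. */
size_t flawed_capacity(size_t requested) {
    size_t payload = requested > IP_UDP_HDR ? requested - IP_UDP_HDR : 0;
    return page_align(STRUCT_SZ + payload) - STRUCT_SZ;
}

/* Illustrative corrected sizing (assumption): the requested size is the
 * payload itself, so capacity can never be smaller than the request. */
size_t checked_capacity(size_t requested) {
    return page_align(STRUCT_SZ + requested) - STRUCT_SZ;
}

/* Bytes that would land past the buffer if `requested` bytes were copied in. */
size_t overrun(size_t requested, size_t capacity) {
    return requested > capacity ? requested - capacity : 0;
}

int main(void) {
    /* Constructed inputs: the quoted 4016, its neighbour, and the same
     * "page-aligned number - 80" pattern one page higher. */
    size_t sizes[] = { 4016, 4017, 8112 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        size_t r = sizes[i];
        size_t f = flawed_capacity(r), c = checked_capacity(r);
        printf("request %zu: flawed alloc %zu (payload %zu, overrun %zu); "
               "checked payload %zu (overrun %zu)\n",
               r, f + STRUCT_SZ, f, overrun(r, f), c, overrun(r, c));
    }
    return 0;
}
```

For the quoted size of 4016 the model allocates exactly 4096 bytes, of which only 3988 are payload space, which is the undersized buffer the quote describes.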

jogs

Until a few years ago Linux was considered a secure system. There were many who said it didn't need any security software, but now everything has changed. There can't be any software which is fully secure; no matter how many patches are applied and how many updates, new vulnerabilities will always be discovered. Nothing is 100% secure in the cyber world.