Linux's systemd vulnerable to DNS server attack
Security experts are warning of a bug that could allow hackers to craft TCP packets that fool Linux's initialization deamon systemd, which could cause systems to crash or make them run malicious code.
Ubuntu maker Canonical has released a patch to address the issue discovered by Chris Coulson, a software engineer at the firm.
"A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved in to allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it," Coulson wrote.
The bug, identified as CVE-2017-9445, could be used by a remote attacker to cause a denial of service in the daemon or execute arbitrary code, Canonical notes in its advisory.
Coulson says the bug was introduced in systemd version 223 in 2015 and affects all versions through to version 233.
Canonical has rated the issue "high priority" and has released fixes for Ubuntu 17.04 and Ubuntu 16.10.
Systemd, which was created by RedHat developers, is also used by several other Linux distributions, including Debian Linux, openSUSE, and RedHat's Fedora.
Debian developers note that the issue doesn't affected Debian Wheezy and Jessie, while Stretch and Buster are vulnerable. However, in Stretch's case, the issue is considered "minor" because systems-resolved is not enabled by default.
A researcher in January discovered systemd version 232 contained a flaw that could give a local attacker root access to affected devices.