systemd DNS vulnerability in 16-10 and 17-04


    systemd DNS vulnerability in 16-10 and 17-04

    https://www.ubuntu.com/usn/usn-3341-1/

    Details

    An out-of-bounds write was discovered in systemd-resolved when handling
    specially crafted DNS responses. A remote attacker could potentially
    exploit this to cause a denial of service (daemon crash) or execute
    arbitrary code. (CVE-2017-9445)

    Update instructions

    The problem can be corrected by updating your system to the following package version:
    Ubuntu 17.04: systemd 232-21ubuntu5
    Ubuntu 16.10: systemd 231-9ubuntu5

    To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
    In general, a standard system update will make all the necessary changes.
    The fix is the usual update & upgrade procedure.

    Previous releases are not mentioned.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    Originally posted by GreyGeek
    Previous releases are not mentioned.
    16.04 is still unpatched, but it uses dnsmasq by default and systemd-resolved is disabled...so this vulnerability is a potential problem only if one has manually changed the resolver to systemd-resolved.
    Older than 16.04 should have systemd versions that are not affected by the bug.

    Things like these are one of the reasons I always use manually set trusted dns-servers rather than relying on dhcp to get one (which can be a problem on networks that aren't under your control, and not just because of this vulnerability).



      #3
      Originally posted by kubicle
      Things like these are one of the reasons I always use manually set trusted dns-servers rather than relying on dhcp to get one (which can be a problem on networks that aren't under your control, and not just because of this vulnerability).
      I use OpenDNS...I assume this could be considered "trusted". At any rate, seems faster than the default Spectrum DNS', and allows some degree of content filtering, which is a plus.
      ​"Keep it between the ditches"
      K*Digest Blog
      K*Digest on Twitter



        #4
        Originally posted by kubicle
        16.04 is still unpatched, but it uses dnsmasq by default and systemd-resolved is disabled...so this vulnerability is a potential problem only if one has manually changed the resolver to systemd-resolved.
        Older than 16.04 should have systemd versions that are not affected by the bug.

        Things like these are one of the reasons I always use manually set trusted dns-servers rather than relying on dhcp to get one (which can be a problem on networks that aren't under your control, and not just because of this vulnerability).
        systemd-resolved

        Here's my "resolv" settings in systemd:
        [Screenshot: systemd-resolv.png]
        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
        – John F. Kennedy, February 26, 1962.



          #5
          Originally posted by GreyGeek
          systemd-resolved
          resolved [https://www.freedesktop.org/wiki/Sof...emd/resolved/] is the "vulnerable" systemd implementation of a DNS resolver/cache included in systemd version 229+ (the version included in 16.04). However, it is not enabled by default in 16.04, which uses the older resolvconf/dnsmasq to handle dns resolving and local caching.

          systemd-resolved is the default (and active) from version 16.10 onwards.

          In your screenshot, you can see that systemd-resolved.service is disabled ("unloaded"), so that suggests you're running 16.04 (or KDE Neon) and also that you aren't affected by the vulnerability.

          Systemd (the init daemon) is of course able to use/start/handle alternative resolvers as well (you can see the enabled ("loaded") systemd unit for resolvconf.service in your screenshot)
          Last edited by kubicle; Jun 29, 2017, 12:56 PM.



            #6
            Code:
            vinny@vinny-Bonobo-Extreme:~$ dpkg -l | grep systemd
            ii  libnss-resolve:amd64                            232-21ubuntu5                               amd64        nss module to resolve names via systemd-resolved
            ii  libpam-systemd:amd64                            232-21ubuntu5                               amd64        system and service manager - PAM module
            ii  libsystemd0:amd64                               232-21ubuntu5                               amd64        systemd utility library
            ii  python3-systemd                                 233-1                                       amd64        Python 3 bindings for systemd
            ii  systemd                                         232-21ubuntu5                               amd64        system and service manager
            ii  systemd-sysv                                    232-21ubuntu5                               amd64        system and service manager - SysV links
            I guess I'm good ,,,,,this in 17.04.

            VINNY
            i7 4core HT 8MB L3 2.9GHz
            16GB RAM
            Nvidia GTX 860M 4GB RAM 1152 cuda cores



              #7
              Originally posted by vinnywright
              I guess I'm good ,,,,,this in 17.04.
              Yes, you have a patched version of systemd (where the vulnerability in resolved has been fixed).

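Added example, not part of the original thread: a shell check that compares a host against the fixed package versions quoted from USN-3341-1 in the first post and takes into account whether systemd-resolved is active, the condition raised in post #2. The function names and status strings are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: assess a host against the fixed versions listed in USN-3341-1.

# Fixed systemd package version per release, as quoted in the advisory above.
fixed_version() {
  case "$1" in
    17.04) echo "232-21ubuntu5" ;;
    16.10) echo "231-9ubuntu5" ;;
    *)     return 1 ;;            # release not listed in the advisory
  esac
}

# True if version $1 >= version $2. Uses dpkg's own comparison when present;
# the sort -V fallback is only an approximation for hosts without dpkg.
version_ge() {
  if command -v dpkg >/dev/null 2>&1; then
    dpkg --compare-versions "$1" ge "$2"
  else
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
  fi
}

# assess RELEASE INSTALLED_VERSION RESOLVED_STATE
# Prints one of the hypothetical status strings used by this example.
assess() {
  local fixed
  if ! fixed=$(fixed_version "$1"); then
    echo "not-listed"; return 0
  fi
  if version_ge "$2" "$fixed"; then
    echo "patched"
  elif [ "$3" = "active" ]; then
    echo "vulnerable"
  else
    echo "unpatched-resolver-inactive"
  fi
}

# Gather the three inputs from the running system and classify it.
assess_local() {
  local rel ver state
  rel=$(lsb_release -rs)
  ver=$(dpkg-query -W -f='${Version}' systemd)
  state=$(systemctl is-active systemd-resolved.service || true)
  assess "$rel" "$ver" "$state"
}

# Run against this machine only when asked to: ./check.sh --local
if [ "${1:-}" = "--local" ]; then assess_local; fi
```

A result of "not-listed" means only that the advisory text quoted in the thread names no fixed version for that release.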
