systemd vulnerability leads to DoS

Multiple Linux distributions are at risk to a vulnerability in systemd service that could lead to a denial-of-service (DoS) attack on unpatched systems.

The systemd vulnerability (CVE-2017-15908) could allow a remote DNS server controlled by an attacker to respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the ‘systemd-resolved’ service and cause a DoS of the affected service.

Trend Micro discovered the flaw back in July and reported it to affected vendors. Patches were rolled out in late October, such as Ubuntu Linux distributions.

No attacks are reported in the wild as of yet. Trend Micro further added that new functions, such as DNS Security Extensions (DNSSEC), have been added to DNS to enhance security over time.

System admins should ensure systems apply the latest Linux patches and also monitor and check incoming DNS responses to ensure they contain resource records as specified in section 4 of RFC 4034.

Leave a Comment

Your email address will not be published. Required fields are marked *