Re: FWD: CVE-request: systemd-resolved DNS cache poisoning

To: debian-user@lists.debian.org
Subject: Re: FWD: CVE-request: systemd-resolved DNS cache poisoning
From: Reco <recoverym4n@gmail.com>
Date: Wed, 12 Nov 2014 19:56:20 +0300
Message-id: <[🔎] 20141112165619.GA11484@x101h>
In-reply-to: <[🔎] CAJSM8J3f-AzXoe_f2uxSHfz+-EhPbMTeN8SC+8gAHjZYW-PzSg@mail.gmail.com>
References: <[🔎] CAJSM8J3f-AzXoe_f2uxSHfz+-EhPbMTeN8SC+8gAHjZYW-PzSg@mail.gmail.com>

 Hi.

On Wed, Nov 12, 2014 at 02:22:06PM -0200, Martinx - ジェームズ wrote:
> Guys,
> 
> This worth to be read:
> 
> http://seclists.org/oss-sec/2014/q4/592

The link says:

systemd-resolved contains a caching resolver, which has to be enabled
via /etc/nsswitch.conf in order to be integrated.

So, disable offending DNS cache (if it's enabled), install conventional
nscd, problem solved.

And, according to CVE database, that's eighth vulnerability in systemd
suite. Not that much given systemd's lifetime.

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=systemd

Reco

Reply to:

References:
- FWD: CVE-request: systemd-resolved DNS cache poisoning
  - From: Martinx - ジェームズ <thiagocmartinsc@gmail.com>

Prev by Date: Re: how to install amd64 instead i386
Next by Date: Re: Installing an Alternative Init?
Previous by thread: FWD: CVE-request: systemd-resolved DNS cache poisoning
Next by thread: Re: FWD: CVE-request: systemd-resolved DNS cache poisoning
Index(es):
- Date
- Thread