
Re: Remotely exploitable bug in systemd (CVE-2017-9445)



On Sat, 1 Jul 2017 16:36:41 -0400, you wrote:

>Howdy! CVE-2017-9445 is a remotely exploitable bug in systemd. It was
>first announced to the public about four or five days ago, not sure
>when it would have been announced to the security team.
>
>Am I correct in interpreting this:
>https://security-tracker.debian.org/tracker/CVE-2017-9445
>as meaning a fix to it still isn't in sid, and therefore is not
>yet in the process of percolating down to stretch?
>
>Is there a preferred way of temporarily mitigating the problem?
>Remote exploitation that you can trigger by forcing a program to DNS
>queries seems kind of bad.
>
>Perry


https://security-tracker.debian.org/tracker/CVE-2017-9445
Name	CVE-2017-9445
Description	In systemd through 233, certain sizes passed to
dns_packet_new in systemd-resolved can cause it to allocate a buffer
that's too small. A malicious DNS server can exploit this via a
response with a specially crafted TCP payload to trick
systemd-resolved into allocating a buffer that's too small, and
subsequently write arbitrary data beyond the end of it.

Notes:
[stretch] - systemd <no-dsa> (Minor issue, systemd-resolved not
enabled by default)
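
One way to check whether a host is in the configuration the tracker entry describes (an added example, not part of the original message or of the Debian tracker): it combines the "systemd through 233" version range with whether systemd-resolved is running or enabled. The function names and result labels are assumptions, and the upstream version number does not reveal distro backports of the fix, so a `resolved-running` result means the package patch level still has to be compared against the tracker.

```shell
#!/bin/sh
# Added example: classify exposure to CVE-2017-9445 from the two facts in the
# tracker text: affected versions ("systemd through 233") and the requirement
# that systemd-resolved is actually in use.

# systemd_major: major version from the first line of `systemctl --version`
# output, e.g. "systemd 232" -> 232. Prints nothing if the line does not match.
systemd_major() {
    printf '%s\n' "$1" | sed -n '1s/^systemd \([0-9][0-9]*\).*/\1/p'
}

# classify VERSION_OUTPUT ENABLED_STATE ACTIVE_STATE
# ENABLED_STATE and ACTIVE_STATE are the strings printed by
# `systemctl is-enabled` and `systemctl is-active` for systemd-resolved.
# Result labels (hypothetical, chosen for this example):
#   unknown, unaffected-version, resolved-running, resolved-enabled, resolved-off
classify() {
    major=$(systemd_major "$1")
    [ -n "$major" ] || { echo unknown; return; }
    if [ "$major" -gt 233 ]; then
        echo unaffected-version
        return
    fi
    case "$3" in
        active|activating|reloading) echo resolved-running; return ;;
    esac
    case "$2" in
        enabled|enabled-runtime) echo resolved-enabled ;;  # starts at next boot
        *) echo resolved-off ;;
    esac
}

# check_host: gather the three inputs from the running system.
check_host() {
    command -v systemctl >/dev/null 2>&1 || { echo unknown; return; }
    classify "$(systemctl --version 2>/dev/null)" \
             "$(systemctl is-enabled systemd-resolved.service 2>/dev/null)" \
             "$(systemctl is-active systemd-resolved.service 2>/dev/null)"
}

# Run against the local host only when asked to: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    check_host
fi
```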

