systemd Vulnerability Leads to Denial of Service on Linux [source: trendmicro]

Many Linux distributions are at risk from a recently disclosed flaw in systemd's DNS resolver that can be used to cause a denial of service on vulnerable systems. The vulnerability is exploited by having the vulnerable system send a DNS query to a DNS server controlled by the attackers. The DNS server then returns a specially crafted response, causing systemd to enter an infinite loop that pins the system's CPU usage at 100%. This vulnerability was assigned CVE-2017-15908.

There are multiple ways to get the user to query a DNS server under the control of a threat actor, but the easiest would be to get the user’s system to visit a domain controlled by the attacker. This could be done using malware or social engineering.

The most effective fix is to patch systemd itself. We first discovered this flaw in July of this year and reported it to the appropriate vendors via the Zero-Day Initiative (ZDI) in the same month. Independent researchers found the same vulnerability in October of this year and reported it to Canonical. Fixes were rolled out to various Linux distributions such as Ubuntu in late October as well. Fortunately, no attacks against this vulnerability are known to be in the wild yet.
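
The symptom described above, the resolver stuck in a loop with CPU usage pinned at 100%, can be watched for on hosts that have not yet been patched. The following is an added example, not code from the original article or from systemd: it samples `/proc/<pid>/stat` and alerts only on sustained saturation. The 95% threshold, the 5-second interval, the three-sample window and all function names are assumptions chosen for illustration.

```python
import os
import time

# Constructed sample of a /proc/<pid>/stat line (not captured from a real host).
SAMPLE_STAT = ("812 (systemd-resolve) R 1 812 812 0 -1 4194560 1500 0 3 0 "
               "9000 1000 0 0 20 0 1 0 2100 50000000 1200")

def parse_stat(line):
    """Return (comm, utime + stime in clock ticks) from a /proc/<pid>/stat line."""
    # comm sits in parentheses and may contain spaces or ')': split on the last ')'.
    head, _, tail = line.rpartition(")")
    fields = tail.split()  # fields[0] is field 3 (state); utime/stime are fields 14/15
    return head.split("(", 1)[1], int(fields[11]) + int(fields[12])

def cpu_percent(ticks_before, ticks_after, seconds, clk_tck):
    """CPU use over the interval as a percentage of one core."""
    return 100.0 * (ticks_after - ticks_before) / (clk_tck * seconds)

def is_pinned(samples, threshold=95.0, min_consecutive=3):
    """True when the most recent min_consecutive samples all reach threshold."""
    recent = samples[-min_consecutive:]
    return len(recent) == min_consecutive and all(s >= threshold for s in recent)

def resolver_ticks(comm="systemd-resolve"):
    """Map pid -> CPU ticks for processes whose comm matches.
    The kernel truncates comm to 15 characters, hence "systemd-resolve"."""
    found = {}
    for entry in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{entry}/stat") as fh:
                name, ticks = parse_stat(fh.read())
        except (OSError, IndexError, ValueError):
            continue  # process exited or line unreadable
        if name == comm:
            found[int(entry)] = ticks
    return found

def watch(interval=5, threshold=95.0, min_consecutive=3):
    """Sample repeatedly; alert on sustained saturation, not short bursts."""
    clk_tck, history, before = os.sysconf("SC_CLK_TCK"), {}, resolver_ticks()
    while True:
        time.sleep(interval)
        after = resolver_ticks()
        for pid in after.keys() & before.keys():
            pct = cpu_percent(before[pid], after[pid], interval, clk_tck)
            history.setdefault(pid, []).append(pct)
            if is_pinned(history[pid], threshold, min_consecutive):
                print(f"ALERT pid={pid} systemd-resolved at {pct:.0f}% CPU")
        before = after

if __name__ == "__main__":
    watch()
```

An alert from this check indicates the symptom only; it does not confirm that CVE-2017-15908 is the cause.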
