In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the systemd-resolved service and cause a DoS of the affected service.
Weakness
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Systemd | Systemd_project | 223 (including) | 223 (including) |
| Systemd | Systemd_project | 224 (including) | 224 (including) |
| Systemd | Systemd_project | 225 (including) | 225 (including) |
| Systemd | Systemd_project | 226 (including) | 226 (including) |
| Systemd | Systemd_project | 227 (including) | 227 (including) |
| Systemd | Systemd_project | 228 (including) | 228 (including) |
| Systemd | Systemd_project | 229 (including) | 229 (including) |
| Systemd | Systemd_project | 230 (including) | 230 (including) |
| Systemd | Systemd_project | 231 (including) | 231 (including) |
| Systemd | Systemd_project | 232 (including) | 232 (including) |
| Systemd | Systemd_project | 233 (including) | 233 (including) |
| Systemd | Systemd_project | 234 (including) | 234 (including) |
| Systemd | Systemd_project | 235 (including) | 235 (including) |
| Systemd | Ubuntu | artful | * |
| Systemd | Ubuntu | devel | * |
| Systemd | Ubuntu | esm-infra/xenial | * |
| Systemd | Ubuntu | xenial | * |
| Systemd | Ubuntu | zesty | * |
References
- http://www.securityfocus.com/bid/101600
- http://www.securitytracker.com/id/1039662
- https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
- https://github.com/systemd/systemd/pull/7184
- https://usn.ubuntu.com/3558-1/
- http://www.securityfocus.com/bid/101600
- http://www.securitytracker.com/id/1039662
- https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
- https://github.com/systemd/systemd/pull/7184
- https://usn.ubuntu.com/3558-1/