A critical vulnerability has been discovered in systemd, the init system and service manager used by most major Linux distributions, that could allow a remote attacker to trigger a buffer overflow and potentially execute code on a targeted machine via a malicious DNS response.
The vulnerability, designated CVE-2017-9445, resides in the dns_packet_new function of systemd-resolved, the component that provides network name resolution (a local DNS stub resolver) to applications on the system.
According to an advisory published Tuesday, a specially crafted DNS response can crash systemd-resolved remotely when the system tries to look up a hostname and the answer comes from an attacker-controlled DNS server.
The root cause is not simply a large response: for certain response lengths, the size that dns_packet_new uses to allocate the packet buffer comes out smaller than the data that is then copied into it. The response data is written past the end of the heap allocation and corrupts adjacent memory, which crashes the daemon and could be leveraged for code execution.
In practice, this means an attacker who controls, or can spoof responses from, a DNS server the target talks to (for example a rogue resolver handed out over DHCP on a hostile network) could crash systemd-resolved and potentially run code on the targeted system in the context of that service.
“In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that’s too small,” explains Chris Coulson, Ubuntu developer at Canonical.
“A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that’s too small, and subsequently write arbitrary data beyond the end of it.”
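The quoted description is the whole mechanism: a capacity computed from a length the remote server controls ends up smaller than the message that is copied into it. The following is an added illustration of that bug class, written for this page and not taken from systemd's source. It shows a packet buffer whose capacity is rounded and then clamped in a way that can fall below the message length (the vulnerable form), beside a version that rejects an over-long length first and bounds-checks the copy. PAGE_SIZE, PAYLOAD_MAX, pkt_t, the function names and the specific arithmetic are constructed for the example and are a stand-in for systemd's computation, not a reproduction of it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example, not systemd's code: a packet buffer whose payload
 * capacity is derived from a length the remote DNS server controls (the
 * 2-byte length prefix of a DNS-over-TCP message). */

#define PAGE_SIZE   4096u
#define PAYLOAD_MAX 4000u   /* hypothetical upper bound the code wants to enforce */

#define ALIGN_UP(x, a) (((x) + (a) - 1u) / (a) * (a))

typedef struct {
    size_t allocated;       /* payload bytes the buffer can hold */
    size_t size;            /* payload bytes stored so far */
    uint8_t data[];         /* payload follows the header */
} pkt_t;

/* Vulnerable size computation: round header+payload up to a page, then clamp
 * the capacity to PAYLOAD_MAX. The clamp is applied after the rounding and is
 * never compared with mtu again, so for mtu > PAYLOAD_MAX the buffer ends up
 * smaller than the message it is about to receive. */
static size_t payload_capacity_vuln(size_t mtu)
{
    size_t a = ALIGN_UP(sizeof(pkt_t) + mtu, PAGE_SIZE) - sizeof(pkt_t);
    if (a > PAYLOAD_MAX)
        a = PAYLOAD_MAX;    /* BUG: can drop below mtu */
    return a;
}

/* Fixed: reject an over-long message before sizing anything, and state the
 * invariant (capacity >= length to store) explicitly. */
static bool payload_capacity_fixed(size_t mtu, size_t *out)
{
    if (mtu > PAYLOAD_MAX)
        return false;
    *out = ALIGN_UP(sizeof(pkt_t) + mtu, PAGE_SIZE) - sizeof(pkt_t);
    return *out >= mtu;
}

static pkt_t *pkt_new(size_t capacity)
{
    pkt_t *p = calloc(1, sizeof(pkt_t) + capacity);
    if (p)
        p->allocated = capacity;
    return p;
}

/* Unchecked copy of the received bytes: with a capacity from
 * payload_capacity_vuln and n == mtu > PAYLOAD_MAX this writes past the end
 * of the allocation, the heap overflow the advisory describes. Kept for
 * contrast only; the example never calls it with an undersized buffer. */
static inline void pkt_append_unchecked(pkt_t *p, const uint8_t *buf, size_t n)
{
    memcpy(p->data + p->size, buf, n);
    p->size += n;
}

/* Hardened copy: bounds-check against the recorded capacity, fail closed. */
static bool pkt_append_checked(pkt_t *p, const uint8_t *buf, size_t n)
{
    if (n > p->allocated - p->size)
        return false;
    memcpy(p->data + p->size, buf, n);
    p->size += n;
    return true;
}

/* Would a message of mtu bytes overflow a buffer sized by the vulnerable
 * computation? Answered arithmetically so the demo performs no OOB write. */
static bool vuln_would_overflow(size_t mtu)
{
    return payload_capacity_vuln(mtu) < mtu;
}

/* Receive path with the fixed sizing and the checked copy: true only if the
 * whole message was stored in bounds. msg is not touched when mtu is rejected. */
static bool receive_fixed(const uint8_t *msg, size_t mtu)
{
    size_t cap;
    if (!payload_capacity_fixed(mtu, &cap))
        return false;
    pkt_t *p = pkt_new(cap);
    if (!p)
        return false;
    bool ok = pkt_append_checked(p, msg, mtu);
    ok = ok && p->size == mtu && memcmp(p->data, msg, mtu) == 0;
    free(p);
    return ok;
}

/* Constructed 600-byte message run through the fixed path. */
static bool demo_receive_fixed_ok(void)
{
    uint8_t msg[600];
    memset(msg, 0x41, sizeof msg);
    return receive_fixed(msg, sizeof msg);
}

int main(void)
{
    printf("mtu=512  vulnerable sizing overflows: %d\n", vuln_would_overflow(512));
    printf("mtu=4096 vulnerable sizing overflows: %d\n", vuln_would_overflow(4096));
    printf("fixed path stores 600 bytes: %d\n", demo_receive_fixed_ok());
    printf("fixed path rejects 4001 bytes: %d\n", !receive_fixed(NULL, 4001));
    return 0;
}
```

The point to take from the constructed version is the shape of the defect rather than the particular constants: any adjustment made to an allocation size after it has been derived from attacker-controlled input (rounding, clamping, subtracting a header) needs to be re-checked against the length that will actually be copied, and the copy itself should be bounds-checked against the recorded capacity rather than trusting that the sizing step got it right.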
Source: The Hacker News