ASA-201707-2 log original external raw
[ASA-201707-2] systemd: arbitrary code execution |
---|
Arch Linux Security Advisory ASA-201707-2
=========================================
Severity: Critical
Date : 2017-07-03
CVE-ID : CVE-2017-9445
Package : systemd
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-329
Summary
=======
The package systemd before version 233-6 is vulnerable to arbitrary
code execution.
Resolution
==========
Upgrade to 233-6.
# pacman -Syu "systemd>=233-6"
The problem has been fixed upstream in version 233.
Workaround
==========
None.
Description
===========
An out-of-bounds write was discovered in systemd-resolved when handling
specially crafted DNS responses. A remote attacker could potentially
exploit this to cause a denial of service (daemon crash) or execute
arbitrary code.
Impact
======
A remote attacker is able to craft a malicious DNS response to crash
systemd-resolved or execute arbitrary code on the target host.
References
==========
https://bugs.archlinux.org/task/54619
http://seclists.org/oss-sec/2017/q2/618
https://security.archlinux.org/CVE-2017-9445
|