CVE-2017-9445: systemd Hit By New Security Vulnerability

Written by Michael Larabel in Linux Security on 28 June 2017 at 07:39 AM EDT. 89 Comments
LINUX SECURITY
CVE-2017-9445 is regarding a vulnerability opened by systemd that could allow malicious actors to crash the program or run programs via a specially crafted DNS response.

This "high" level security notice is regarding an out-of-bounds write in systemd-resolved that could allow a remote attacker to crash the daemon or execute arbitrary code via a DNS response. This bug has been present since systemd 223 and was still present in systemd as of yesterday. Of course, systemd-resolved must be running on the system for your system to be vulnerable.

More details via this oss-security report by a Canonical employee and this CVE report.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week