CVE-2017-9445 in Ubuntu

CVE-2017-9445

Priority

High

Description

In systemd through 233, certain sizes passed to dns_packet_new in
systemd-resolved can cause it to allocate a buffer that's too small. A
malicious DNS server can exploit this via a response with a specially
crafted TCP payload to trick systemd-resolved into allocating a buffer
that's too small, and subsequently write arbitrary data beyond the end of
it.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9445
https://usn.ubuntu.com/usn/usn-3341-1

Bugs

https://launchpad.net/bugs/1695546

Notes

chrisccoulson> I believe this was introduced in v223 by
https://github.com/systemd/systemd/commit/a0166609f782da91710dea9183d1bf138538db37
chrisccoulson> systemd-resolved is not used by default in Xenial. It is
spawned if a user execs the systemd-resolve utility, but that shouldn't
impact the system.

Assigned-to

chrisccoulson

Package

Source: systemd (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	not-affected (204-5ubuntu20.24)
Ubuntu 16.04 LTS (Xenial Xerus):	released (229-4ubuntu19)
Ubuntu 17.04 (Zesty Zapus):	released (232-21ubuntu5)
Ubuntu 17.10 (Artful Aardvark):	released (233-8ubuntu2)

More Information

Updated: 2017-12-15 20:36:02 UTC (commit 13913)