Bug 1463609 - (CVE-2017-9445) CVE-2017-9445 systemd: Out-of-bounds write in systemd-resolved due to allocating too small buffer in dns_packet_new
CVE-2017-9445 systemd: Out-of-bounds write in systemd-resolved due to allocat...
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20170627,repo...
: Security
Depends On: 1465610 1465728
Blocks: 1463610
  Show dependency treegraph
 
Reported: 2017-06-21 06:22 EDT by Adam Mariš
Modified: 2017-07-03 10:12 EDT (History)
13 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds write flaw was found in the way systemd-resolved daemon handled processing of DNS responses. A remote attacker could potentially use this flaw to crash the daemon or execute arbitrary code in the context of the daemon process.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-06-29 06:47:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed patch (1.78 KB, patch)
2017-06-21 06:28 EDT, Adam Mariš
no flags Details | Diff

  None (edit)
Description Adam Mariš 2017-06-21 06:22:11 EDT
An out-of-bounds write in systemd-resolved due to allocating buffer that is too small in dns_packet_new was found. Malicious DNS server can exploit this by responding with specially crafted TCP payload to write arbitrary data beyond the allocated buffer.
Comment 1 Adam Mariš 2017-06-21 06:22:15 EDT
Acknowledgments:

Name: Chris Coulson (Canonical)
Comment 2 Adam Mariš 2017-06-21 06:28 EDT
Created attachment 1290017 [details]
Proposed patch
Comment 6 Dhiru Kholia 2017-06-23 02:57:12 EDT
Statement:

This issue did not affect the versions of systemd as shipped with Red Hat Enterprise Linux 7.
Comment 8 Dhiru Kholia 2017-06-27 23:59:08 EDT
Created systemd tracking bugs for this issue:

Affects: fedora-all [bug 1465728]
Comment 10 Andrej Nemec 2017-06-28 05:26:48 EDT
References:

http://seclists.org/oss-sec/2017/q2/618

Note You need to log in before you can comment on or make changes to this bug.