Ubuntu Security Notice (systemd vulnerability)


An out-of-bounds write was discovered in systemd-resolved when handling specially crafted DNS responses.

A remote attacker could potentially use this to cause a denial of service or execute arbitrary code.


==========================================================================

Ubuntu Security Notice USN-3341-1

June 27, 2017


systemd vulnerability

==========================================================================


A security issue affects these releases of Ubuntu and its derivatives:


- Ubuntu 17.04

- Ubuntu 16.10


Summary:


systemd-resolved could be made to crash or run programs if it received
a specially crafted DNS response.


Software Description:

- systemd: system and service manager


Details:


An out-of-bounds write was discovered in systemd-resolved when handling
specially crafted DNS responses. A remote attacker could potentially
exploit this to cause a denial of service (daemon crash) or execute
arbitrary code. (CVE-2017-9445)


Update instructions:


The problem can be corrected by updating your system to the following
package versions:


Ubuntu 17.04:

  systemd                         232-21ubuntu5


Ubuntu 16.10:

  systemd                         231-9ubuntu5


In general, a standard system update will make all the necessary changes.


References:

  https://www.ubuntu.com/usn/usn-3341-1

  CVE-2017-9445, https://launchpad.net/bugs/1695546


Package Information:

  https://launchpad.net/ubuntu/+source/systemd/232-21ubuntu5

  https://launchpad.net/ubuntu/+source/systemd/231-9ubuntu5
