A critical loophole has been discovered in SystemD, the popular first character system and service manager for Linux operating systems, which can allow remote attackers to tolerate a buffer overflow to run malicious code on their choice through DNS response machines. Thus, Linux PC can be hacked remotely with malicious DNS response.
The vulnerability, called CVE-2017-9445, lies in fact, in response to the “dns_packet_new ‘system de-resolved DNS component control that provides network name resolution to local application functionality.
This was stated in a note published Tuesday, a specially designed malicious DNS, the answer may prevent the program specified by the system “remotely when the system tries to find the hostname of the DNS server controlled by the attacker.
Eventually, the buffer floods a large DNS response, allowing an attacker to write memory that results in remote code execution.
This means that attackers can remotely run any malware on the target system or server through its bad DNS service.
“At System D through 233, certain dns_packet_new sizes can be passed in a system-wide solution that will customize a buffer that is too small,” says Chris Coulson, Ubuntu’s canon developer.
“A malicious DNS server can be exploited by responding with a TCP load specially designed to fool a system de-solution to allocate a buffer that is too small, then write arbitrary data after it is finished.” This Leads To Linux PC Can Be Hacked Remotely With Malicious DNS Response.
This has been the current weakness since the 223 release of the System due introduced in June 2015 and is present in every way up, including the 233 version of System De launched in March of this year.
Of course, system-de-solution must be running on your system to be at risk. Linux PC Can Be Hacked Remotely With Malicious DNS Response.
The error exists in versions 17.04 and 10.16 of Ubuntu. Debian Extenders (aka Debian 9), Buster (pseudonym 10) and Macao (also known as Unstable); and many other Linux distributions that use SystemD.
Which carried out security patches to remedy this problem, so strongly recommend that users and system administrators that installing and updating Linux distributions as soon as possible is recommended.
