A Systemd Vulnerability Allows Attackers Hack Linux Machines via Malicious DNS response

The flaw has been discovered by Chris Coulson (Canonical developer) in Systemd, which is an init system used in Linux distributions to bootstrap the user space and manage all processes subsequently, instead of the UNIX System V or Berkeley Software Distribution (BSD) init systems. The vulnerability could enable remote attackers to probably trigger a buffer overflow bug to execute malicious code on the targeted Linux systems via a DNS packet (response).

“A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that’s too small, and subsequently write arbitrary data beyond the end of it,”

The flaw enables an attacker to crash the system or write data to memory, enabling him to execute malicious code on the target’s machine. Hackers can take advantage of this security issue to hijack systemd instances, which due to their level of access would enable an attacker to take over the whole machine.

“A patch to resolve this has been provided by Zbigniew Jędrzejewski-Szmek, along with an additional patch to implement a test.”

Linux users and system administrators are recommended to install the latest security updates ASAP to patch this vulnerability and stay secure.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Glove Stealer Emerges A New Malware Threat For Browsers

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA