CVE-2017-9445: systemd Hit By New Security Vulnerability

Found on Phoronix on Wednesday, 28 June 2017

This "high" level security notice is regarding an out-of-bounds write in systemd-resolved that could allow a remote attacker to crash the daemon or execute arbitrary code via a DNS response. This bug has been present since systemd 223 and was still present in systemd as of yesterday.

Why on earth should an init system contain its own DNS resolver? A buggy one with many more issues than this one even. Probably the same reason why there is network functionality in it, its own http server and QR code generator: because they can. Hopefully this piece of junk will sooner than later be replaced by a real init system which follows a UNIX tradition: do one thing, but do it good and right.

Browse all articles« Previous « » Next »