Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 635514 (CVE-2017-15908) - <sys-apps/systemd-233-r5: Remote DNS server can cause infinite loop through custom crafted DNS NSEC resource record
Summary: <sys-apps/systemd-233-r5: Remote DNS server can cause infinite loop through c...
Status: RESOLVED FIXED
Alias: CVE-2017-15908
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugs.launchpad.net/ubuntu/+so...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: CVE-2017-9217
Blocks:
  Show dependency tree
 
Reported: 2017-10-26 16:37 UTC by Aleksandr Wagner (Kivak)
Modified: 2017-11-24 21:50 UTC (History)
1 user (show)

See Also:
Package list:
sys-apps/systemd-233-r5
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Aleksandr Wagner (Kivak) 2017-10-26 16:37:30 UTC
CVE-2017-15908 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15908):

In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. 

References:

https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
https://github.com/systemd/systemd/pull/7184

Note: A patch is available upstream, however the commit has not been included in any releases yet.
Comment 1 Larry the Git Cow gentoo-dev 2017-10-26 21:37:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06c2355e8eca30994fa0416793e2e04efd652c41

commit 06c2355e8eca30994fa0416793e2e04efd652c41
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2017-10-26 21:36:27 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2017-10-26 21:36:45 +0000

    sys-apps/systemd: backport fix for CVE-2017-15908
    
    Bug: https://bugs.gentoo.org/635514
    Package-Manager: Portage-2.3.11_p4, Repoman-2.3.3_p62

 sys-apps/systemd/files/CVE-2017-15908.patch        |  39 ++
 sys-apps/systemd/systemd-233-r5.ebuild             | 461 +++++++++++++++++++++
 .../{systemd-235.ebuild => systemd-235-r1.ebuild}  |   1 +
 3 files changed, 501 insertions(+)}
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-10-27 13:50:08 UTC
x86 stable
Comment 3 Aleksandr Wagner (Kivak) 2017-11-08 17:22:51 UTC
systemd-233-r6 is in the tree and contains the fix for this CVE. Stabilization has occurred on bug 635718.
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2017-11-24 21:50:52 UTC
GLSA Vote: No

cleanup will happen in bug 635718