
Bug 635514 (CVE-2017-15908)

Summary: <sys-apps/systemd-233-r5: Remote DNS server can cause infinite loop through custom crafted DNS NSEC resource record
Product: Gentoo Security
Reporter: Aleksandr Wagner (Kivak) <alwag>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: systemd
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
URL: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
Whiteboard: B3 [noglsa cve]
Package list: sys-apps/systemd-233-r5
Runtime testing required: ---
Bug Depends on: 635718
Bug Blocks:

Description Aleksandr Wagner (Kivak) 2017-10-26 16:37:30 UTC
CVE-2017-15908 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15908):

In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. 

References:

https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
https://github.com/systemd/systemd/pull/7184

Note: A patch is available upstream, however the commit has not been included in any releases yet.
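
The function named in the description parses the NSEC type bitmap field defined in RFC 4034 section 4.1.2. As an added example (not systemd's code and not part of the original report), the following is a bounds-checked parser for that field in which every loop advances by construction. The names `parse_type_bitmaps` and `is_pseudo_type`, the simplified pseudo-type list and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Assumption: simplified pseudo-type test (reserved 0, OPT, TKEY..ANY). */
static int is_pseudo_type(uint16_t t) {
    return t == 0 || t == 41 || (t >= 249 && t <= 255);
}
/* Parse an RFC 4034 section 4.1.2 type bitmap field of `len` bytes.
 * Stores up to `max` RR types in `out`; returns the count, or -1 if malformed. */
int parse_type_bitmaps(const uint8_t *p, size_t len, uint16_t *out, size_t max) {
    size_t off = 0, n = 0;
    int prev_window = -1;
    while (off < len) {                            /* off grows by >= 3 per pass */
        if (len - off < 2) return -1;              /* truncated window header */
        unsigned window = p[off], blen = p[off + 1];
        off += 2;
        if (blen < 1 || blen > 32) return -1;      /* zero-length or oversized bitmap */
        if (blen > len - off) return -1;           /* bitmap runs past the field */
        if ((int)window <= prev_window) return -1; /* windows must strictly increase */
        prev_window = (int)window;
        for (unsigned i = 0; i < blen; i++) {
            /* The for header advances `bit` on every pass, `continue` included. */
            for (unsigned bit = 0; bit < 8; bit++) {
                if (!(p[off + i] & (0x80u >> bit))) continue;
                uint16_t type = (uint16_t)(window << 8 | i << 3 | bit);
                if (is_pseudo_type(type)) continue; /* ignored, never stored */
                if (n == max) return -1;            /* caller's buffer is full */
                out[n++] = type;
            }
        }
        off += blen;
    }
    return (int)n;
}

/* Constructed sample: window 0 holds A, MX, RRSIG, NSEC; window 4 holds TYPE1234. */
static const uint8_t SAMPLE_OK[] = {
    0x00, 0x06, 0x40, 0x01, 0x00, 0x00, 0x00, 0x03, 0x04, 0x1b,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x20 };
static const uint8_t BAD_EMPTY[] = { 0x00, 0x00 }; /* constructed: zero-length bitmap */

int main(void) {
    uint16_t out[16];
    int n = parse_type_bitmaps(SAMPLE_OK, sizeof SAMPLE_OK, out, 16);
    for (int i = 0; i < n; i++) printf("type %u\n", (unsigned)out[i]);
    printf("malformed -> %d\n", parse_type_bitmaps(BAD_EMPTY, sizeof BAD_EMPTY, out, 16));
    return 0;
}
```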
Comment 1 Larry the Git Cow gentoo-dev 2017-10-26 21:37:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06c2355e8eca30994fa0416793e2e04efd652c41

commit 06c2355e8eca30994fa0416793e2e04efd652c41
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2017-10-26 21:36:27 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2017-10-26 21:36:45 +0000

    sys-apps/systemd: backport fix for CVE-2017-15908
    
    Bug: https://bugs.gentoo.org/635514
    Package-Manager: Portage-2.3.11_p4, Repoman-2.3.3_p62

 sys-apps/systemd/files/CVE-2017-15908.patch        |  39 ++
 sys-apps/systemd/systemd-233-r5.ebuild             | 461 +++++++++++++++++++++
 .../{systemd-235.ebuild => systemd-235-r1.ebuild}  |   1 +
 3 files changed, 501 insertions(+)
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-10-27 13:50:08 UTC
x86 stable
Comment 3 Aleksandr Wagner (Kivak) 2017-11-08 17:22:51 UTC
systemd-233-r6 is in the tree and contains the fix for this CVE. Stabilization has occurred on bug 635718.
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2017-11-24 21:50:52 UTC
GLSA Vote: No

cleanup will happen in bug 635718