Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-201707-2
HistoryJul 03, 2017 - 12:00 a.m.

[ASA-201707-2] systemd: arbitrary code execution

2017-07-0300:00:00
security.archlinux.org
9

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.528 Medium

EPSS

Percentile

97.6%

JSON

Arch Linux Security Advisory ASA-201707-2

Severity: Critical
Date : 2017-07-03
CVE-ID : CVE-2017-9445
Package : systemd
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-329

Summary

The package systemd before version 233-6 is vulnerable to arbitrary
code execution.

Resolution

Upgrade to 233-6.

pacman -Syu “systemd>=233-6”

The problem has been fixed upstream in version 233.

Workaround

None.

Description

An out-of-bounds write was discovered in systemd-resolved when handling
specially crafted DNS responses. A remote attacker could potentially
exploit this to cause a denial of service (daemon crash) or execute
arbitrary code.

Impact

A remote attacker is able to craft a malicious DNS response to crash
systemd-resolved or execute arbitrary code on the target host.

References

https://bugs.archlinux.org/task/54619
http://seclists.org/oss-sec/2017/q2/618
https://security.archlinux.org/CVE-2017-9445

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanysystemd< 233-6UNKNOWN

Related

f5 1
nessus 13
threatpost 1
seebug 1
openvas 11
thn 1
redhatcve 1
suse 2
ubuntu 1
fedora 3
myhack58 1
osv 1
checkpoint_advisories 1
ubuntucve 1
prion 1
debiancve 1
cve 1
photon 2
rosalinux 1
f5
f5
K52114338 : systemd vulnerability CVE-2017-9445
2017-07-07 00:00:00
nessus
nessus
SUSE SLED12 / SLES12 Security Update : systemd, dracut (SUSE-SU-2017:1898-1)
2017-07-20 00:00:00
Fedora 24 : systemd (2017-72f0c1ea9c)
2017-07-03 00:00:00
Ubuntu 16.10 / 17.04 : systemd vulnerability (USN-3341-1)
2017-06-28 00:00:00
threatpost
threatpost
Ubuntu Fixes Linux Systemd Bug
2017-06-29 13:59:54
seebug
seebug
systemd CVE-2017-9445 Out-Of-Bounds Write Remote Code Execution Vulnerability
2017-07-01 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1216)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2021-1853)
2021-05-03 00:00:00
Fedora Update for systemd FEDORA-2017-29d909f5ec
2017-07-01 00:00:00
thn
thn
Your Linux Machine Can Be Hacked Remotely With Just A Malicious DNS Response
2017-06-28 20:16:00
redhatcve
redhatcve
CVE-2017-9445
2017-06-28 04:18:51
suse
suse
Security update for systemd, dracut (important)
2017-07-19 15:09:58
Security update for SLES 12-SP2 Docker image (important)
2017-10-11 03:08:09
ubuntu
ubuntu
Systemd vulnerability
2017-06-27 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: systemd-233-6.fc26
2017-06-29 23:29:46
[SECURITY] Fedora 25 Update: systemd-231-17.fc25
2017-06-30 00:50:57
[SECURITY] Fedora 24 Update: systemd-229-22.fc24
2017-07-03 02:20:10
myhack58
myhack58
Linux burst buffer overflow vulnerability: CVE-2017-9445-vulnerability warning-the black bar safety net
2017-07-02 00:00:00
osv
osv
CVE-2017-9445
2017-06-28 06:29:00
checkpoint_advisories
checkpoint_advisories
Systemd resolved dns_packet_new Heap Buffer Overflow (CVE-2017-9445)
2017-07-16 00:00:00
ubuntucve
ubuntucve
CVE-2017-9445
2017-06-27 00:00:00
prion
prion
Code injection
2017-06-28 06:29:00
debiancve
debiancve
CVE-2017-9445
2017-06-28 06:29:00
cve
cve
CVE-2017-9445
2017-06-28 06:29:00
photon
photon
Important Photon OS Security Update - PHSA-2017-0053
2017-07-10 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0023
2017-07-10 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1982
2021-07-02 18:13:58

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.528 Medium

EPSS

Percentile

97.6%

JSON
Related for ASA-201707-2
f51nessus13threatpost1seebug1openvas11thn1redhatcve1suse2ubuntu1fedora3myhack581osv1checkpoint_advisories1ubuntucve1prion1debiancve1cve1photon2rosalinux1