Linux buffer overflow vulnerability CVE-2017-9445: vulnerability alert (Black Bar Security Net / myhack58)

ID MYHACK58:62201787555
Type myhack58
Reporter 佚名 (anonymous)
Modified 2017-07-02T00:00:00


Buffer overflow: a design defect in which more data is written to a program's input buffer than the buffer can hold, so that the excess overwrites adjacent memory, disrupts the running program and, when the interruption is exploited at the right moment, lets an attacker take control of the program and of the system. In other words, a buffer overflow occurs when data exceeds the limits the processing program set for it and the program behaves abnormally. The root cause is a flaw in the design. The C language in particular, unlike some other high-level languages, does not automatically perform bounds checking on arrays or pointers, which increases the risk of overflows; the C standard library also contains some very dangerous functions whose improper use creates the conditions for an overflow. After hackers discovered that a buffer overflow in the Unix kernel could be used to obtain the highest system privileges, overflows became a means of attack. The same problem was later found to occur on Windows as well, making buffer overflows one of the most commonly used attack techniques; worms and viruses that exploit high-risk operating system vulnerabilities to cause damage and spread on a large scale all rely on this technique. The best-known example, the Blaster worm, exploited a buffer overflow vulnerability in the Windows operating system.

-- Wikipedia

Chris Coulson, an Ubuntu developer at Canonical, found a critical vulnerability that can be used to remotely attack machines running the popular operating system. The vulnerability, numbered CVE-2017-9445, is located in systemd, the init system and service manager.

A remote attacker can trigger the buffer overflow with a malicious DNS response and use it to execute malicious code.

The flaw lies in the dns_packet_new function of systemd-resolved, which processes DNS responses and provides network name resolution to local applications. Whenever the system looks up a hostname through a DNS service the attacker controls, a specially crafted malicious DNS response can remotely crash the systemd-resolved process.

An attacker can send an oversized DNS response to trigger the vulnerability, causing a buffer overflow and remote code execution.

"Certain sizes passed to dns_packet_new can cause it to allocate a buffer that is too small. A page-aligned number minus sizeof(DnsPacket) plus sizeof(iphdr) plus sizeof(udphdr) will do this, so on x86 this will be a page-aligned number minus 80. For example, calling dns_packet_new with a size of 4016 on x86 will result in an allocation of 4096 bytes, but 108 bytes of this are for the DnsPacket structure," Coulson explained.

A malicious DNS server can exploit this with a specially crafted TCP payload that makes systemd-resolved allocate a buffer that is too small and then write arbitrary data past its end.
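To make the size arithmetic in Coulson's quote concrete, here is an added C model (not systemd's code) that reproduces it with the page's x86 figures: a 108-byte DnsPacket header, 28 bytes of IP/UDP header overhead and 4096-byte pages. The sizing formula is an assumption drawn from the quote; the scan shows which request sizes the page rounding leaves undersized, and the hardened variant shows the invariant a defender should check in any allocator of this shape: the usable area is never smaller than the length the caller will write.

```c
#include <stddef.h>
#include <stdio.h>

/* Constants from the advisory for x86 (bytes). The sizing formula below is a
 * hypothetical model of the arithmetic the advisory describes, not systemd's
 * own code. */
#define PAGE_SIZE     4096u
#define DNSPACKET_HDR 108u   /* sizeof(DnsPacket) */
#define IP_UDP_HDR    28u    /* sizeof(iphdr) + sizeof(udphdr) */

static size_t page_align(size_t n) {
    return (n + PAGE_SIZE - 1) & ~(size_t)(PAGE_SIZE - 1);
}

/* Payload bytes actually available when a request of wire_len bytes has the
 * IP/UDP overhead subtracted (as if it were an MTU) and header plus payload
 * is rounded up to a page. For wire_len = 4016: 4096 - 108 = 3988 bytes. */
size_t modelled_usable_bytes(size_t wire_len) {
    size_t payload = wire_len > IP_UDP_HDR ? wire_len - IP_UDP_HDR : 0;
    return page_align(DNSPACKET_HDR + payload) - DNSPACKET_HDR;
}

/* The check that was missing: does the buffer really hold wire_len bytes? */
int request_fits(size_t wire_len) {
    return modelled_usable_bytes(wire_len) >= wire_len;
}

/* Largest request <= limit that the modelled sizing leaves undersized. Page
 * rounding hides the shortfall except just below a page boundary, which is
 * why only "page-aligned number minus 80" sizes (4016, 8112, ...) show it. */
size_t largest_undersized_request(size_t limit) {
    size_t worst = 0;
    for (size_t n = 1; n <= limit; n++)
        if (!request_fits(n))
            worst = n;
    return worst;
}

/* Hardened sizing: never subtract protocol overhead from a length the caller
 * will write verbatim; round the total upwards only, so usable >= wire_len. */
size_t hardened_usable_bytes(size_t wire_len) {
    return page_align(DNSPACKET_HDR + wire_len) - DNSPACKET_HDR;
}

/* Returns 1 if the hardened sizing fits every request up to limit. */
int hardened_covers_all(size_t limit) {
    for (size_t n = 1; n <= limit; n++)
        if (hardened_usable_bytes(n) < n)
            return 0;
    return 1;
}
```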


This defect affects systemd from version 223, released in June 2015, up to and including version 233, released in March 2017.

The vulnerability affects Ubuntu 17.04 and 16.10; Debian Stretch (also known as Debian 9), Buster (also known as Debian 10) and Sid (also known as Unstable); and the various other Linux distributions that use systemd.

Linux users and system administrators should update their operating systems as soon as possible.

ref:
Your Linux Machine Can Be Hacked Remotely With Just A Malicious DNS Response
Linux Systemd Bug Could Have Led to the Crash, Code Execution
A critical flaw allows hacking Linux machines with just a malicious DNS Response