Ubuntu.comUB:CVE-2023-7008CVE-2023-7008
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.0%
A vulnerability was found in systemd-resolved. This issue may allow
systemd-resolved to accept records of DNSSEC-signed domains even when they
have no signature, allowing man-in-the-middles (or the upstream DNS
resolver) to manipulate records.
Bugs
- <https://bugzilla.redhat.com/show_bug.cgi?id=2222672>
- <https://github.com/systemd/systemd/issues/15158 (older)>
- <https://github.com/systemd/systemd/issues/25676 (newer)>
Notes
| Author | Note |
|---|---|
| Priority reason: DNSSEC is an experimental feature in systemd with known issues | |
| mdeslaur | DNSSEC is turned off in Ubuntu by default, and is an experimental feature not recommended for production |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | systemd | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | systemd | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | systemd | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | systemd | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | systemd | < 255.2-3ubuntu1 | UNKNOWN |
| ubuntu | 14.04 | noarch | systemd | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | systemd | < any | UNKNOWN |
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.0%