Canonical has fixed a newly found systemd vulnerability (CVE-2017-9445). The vulnerability affected the systemd-resolved components in Ubuntu 16.10 (Yakkety Yak) and Ubuntu 17.04 (Zesty Zapus).
The vulnerability could enable a remote attacker to crash the systemd daemon, which could further result in a distributed-denial-of-service (DDoS) attack. It was also possible for attackers to run malicious programs on vulnerable machines using a crafted DNS response. Canonical has published a security advisory detailing the flaw.
In systemd versions through 233, certain sizes passed to dns_packet_new cause it to allocate a buffer that is too small. “A malicious DNS can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that is too small, and subsequently write arbitrary data beyond the end of it,” the advisory details.
Canonical confirms that the vulnerability is present in Ubuntu 16.10 and 17.04 and affects its official derivatives, including Kubuntu, Xubuntu, Lubuntu, Ubuntu MATE, Ubuntu GNOME, Ubuntu Kylin, Ubuntu Studio, Ubuntu Server and Ubuntu Cloud.
Therefore, users of the affected Ubuntu releases are advised to update their systems as soon as the update is available in their respective stable repository. Ubuntu 17.04 users need to update to systemd 232-21ubuntu5, while Ubuntu 16.10 users need systemd 231-9ubuntu5.
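As an added example (not from Canonical or the advisory), the following Python check compares an installed systemd package version against the fixed versions named above, with the dpkg version ordering re-implemented so it runs without python-apt. The FIXED_VERSIONS table, the /etc/os-release lookup and the dpkg-query call are assumptions about where the data comes from on a host; the sample versions in the test are constructed.

```python
import re
import subprocess
from itertools import zip_longest

# Fixed systemd package versions named in the advisory, keyed by Ubuntu release.
FIXED_VERSIONS = {"16.10": "231-9ubuntu5", "17.04": "232-21ubuntu5"}


def _order(c):
    # dpkg character weight: digit or end-of-string 0, '~' -1, letter its code, other symbol code + 256.
    if not c or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else -1 if c == "~" else ord(c) + 256


def _verrevcmp(a, b):
    # Compare one fragment as dpkg does: alternate non-digit runs (by weight) and digit runs (numerically).
    runs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b),
                       fillvalue=("", ""))
    for (s1, n1), (s2, n2) in runs:
        for c1, c2 in zip_longest(s1, s2, fillvalue=""):
            if _order(c1) != _order(c2):
                return _order(c1) - _order(c2)
        if int(n1 or 0) != int(n2 or 0):
            return int(n1 or 0) - int(n2 or 0)
    return 0


def dpkg_compare(v1, v2):
    # Return -1, 0 or 1 for v1 <, ==, > v2 on [epoch:]upstream[-revision] (Debian Policy 5.6.12).
    def split(v):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, revision
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    for x, y in ((e1, e2), (u1, u2), (r1, r2)):
        c = (x > y) - (x < y) if isinstance(x, int) else _verrevcmp(x, y)
        if c:
            return 1 if c > 0 else -1
    return 0


def is_patched(release, installed):
    # True when the installed version is at or above the fix for that release; None if not covered.
    fixed = FIXED_VERSIONS.get(release)
    return None if fixed is None else dpkg_compare(installed, fixed) >= 0


if __name__ == "__main__":
    # Live check on an Ubuntu host: release from /etc/os-release, package version from dpkg-query.
    with open("/etc/os-release") as f:
        rel = dict(line.strip().split("=", 1) for line in f if "=" in line)["VERSION_ID"].strip('"')
    ver = subprocess.check_output(["dpkg-query", "-W", "-f=${Version}", "systemd"], text=True).strip()
    print(f"Ubuntu {rel}, systemd {ver}: patched = {is_patched(rel, ver)}")
```

A `None` result means the release is outside the advisory's scope, not that the host is safe; check it against Canonical's own tracker.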