Linux Machine Can Be Remotely Hijacked By Malicious DNS Response

Linux machines can be hijacked using a malicious DNS response sent over TCP. An attacker only has to send a pseudo DNS response to the victim. The vulnerability was discovered in systemd, a popular service manager for Linux machines. It allows remote attackers to overflow a buffer with a specially crafted TCP payload and execute malware on the victim system.

The root of the vulnerability (CVE-2017-9445) is the ‘dns_packet_new’ function of ‘systemd-resolved’, which is a DNS response handler component.

Here is how it works

When a victim looks up a host through a compromised DNS server or a honeypot run by the attacker, the attacker sends a malicious DNS response (TCP payload) to the victim system. Because of the unusual size of the DNS response, it overflows the buffer. The overflow lets the attacker overwrite memory, which eventually allows remote execution of malicious code of the attacker's choice.

The vulnerability has been in the function since 2013, when systemd version 223 was released, and remained present through version 233, which was released earlier this year.

“Certain sizes passed to dns_packet_new can cause it to allocate a buffer that’s too small,” the advisory reads.

Explaining the vulnerability further, Ubuntu developer Chris Coulson said, “A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that’s too small, and subsequently write arbitrary data beyond the end of it.”

Any Linux system running a vulnerable systemd version, from version 223 to version 233, is affected.

Patches have been released in response and are also available in the advisory. Users and system administrators are advised to patch their systems as soon as possible to prevent the attack.
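A host check built on the version range and component named above, as an added example that is not part of the original article or the systemd project. The function names and the sample banner are constructed for illustration; an in-range result means "confirm the vendor fix is installed", because distributions backport fixes without changing the upstream version number.

```shell
#!/bin/sh
# Added example (not from the article or the systemd project).
# Affected range as reported in the article: systemd 223 through 233.
AFFECTED_MIN=223
AFFECTED_MAX=233

# Constructed sample of `systemctl --version` output for offline runs.
SAMPLE_BANNER='systemd 229
+PAM +AUDIT +SELINUX +IMA +APPARMOR'

# Pull the upstream version number out of the first banner line, e.g.
# "systemd 229" or "systemd 245 (245.4-4ubuntu3)". Prints nothing on failure.
parse_systemd_version() {
    printf '%s\n' "$1" | sed -n '1s/^systemd \([0-9][0-9]*\).*/\1/p'
}

# Print in-range, out-of-range or unknown for a version banner.
classify_systemd() {
    cs_ver=$(parse_systemd_version "$1")
    if [ -z "$cs_ver" ]; then
        echo unknown
    elif [ "$cs_ver" -ge "$AFFECTED_MIN" ] && [ "$cs_ver" -le "$AFFECTED_MAX" ]; then
        echo in-range
    else
        echo out-of-range
    fi
}

# $1 = version banner, $2 = output of `systemctl is-active systemd-resolved`.
# An in-range upstream version does not prove the host is unpatched:
# distributions backport fixes without changing the upstream number.
assess() {
    case "$(classify_systemd "$1")" in
        unknown)      echo "UNKNOWN: could not parse a systemd version" ;;
        out-of-range) echo "OK: version is outside $AFFECTED_MIN-$AFFECTED_MAX" ;;
        in-range)
            if [ "$2" = active ]; then
                echo "REVIEW: in affected range, systemd-resolved active; confirm vendor fix"
            else
                echo "NOTE: in affected range, systemd-resolved not active; still update"
            fi ;;
    esac
}

# Use the live host when systemctl exists, otherwise the constructed sample.
if command -v systemctl >/dev/null 2>&1; then
    assess "$(systemctl --version 2>/dev/null || true)" \
           "$(systemctl is-active systemd-resolved 2>/dev/null || true)"
else
    assess "$SAMPLE_BANNER" active
fi
```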

 
