'In systemd through 233, a certain size passed to dns_packet_new in systemd-resolved can cause an overflow because it is too small,' explains Chris Coulson, an Ubuntu developer at Canonical. 'A poisoned DNS server can exploit this by responding with a modified payload over the TCP protocol to deceive systemd-resolved into allocating a buffer that is too small and then write random data.'
The vulnerability was introduced in systemd version 223 in June 2015 and is still present, up to and including systemd 233, released in March this year. Of course, systemd-resolved must be running on a system for that system to be exploitable.
The flaw affects Ubuntu 17.04 and 16.10, Debian Stretch (Debian 9.0), Buster (Debian 10) and Sid (Unstable), and many other Linux distributions that use systemd. Security patches have been released to fix the problem, so users and system administrators are encouraged to install the updates as soon as possible.
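
The two conditions named above (systemd version 223 through 233, and systemd-resolved running) can be checked per host with a short triage script. This is an added example, not code from the systemd project or from Canonical; the function names and the result labels are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: triage a host against the two conditions the article gives.
# Function names and result labels are hypothetical, chosen for this example.

# Print the numeric upstream version from `systemctl --version` output,
# e.g. "systemd 232" or "systemd 229 (229-4ubuntu17)". Prints nothing if
# the first line does not look like systemd version output.
parse_systemd_version() {
    printf '%s\n' "$1" | awk 'NR==1 && $1=="systemd" && $2 ~ /^[0-9]+$/ { print $2 }'
}

# classify_host <systemctl --version output> <systemctl is-active output>
# Prints one of: exposed | in-range-resolved-off | out-of-range | unknown
classify_host() {
    ver=$(parse_systemd_version "$1")
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    if [ "$ver" -lt 223 ] || [ "$ver" -gt 233 ]; then
        echo out-of-range
    elif [ "$2" = active ]; then
        # Version in range and resolver running: confirm the distribution's
        # patched package is installed, since distributions usually backport
        # fixes without changing the upstream version number.
        echo exposed
    else
        echo in-range-resolved-off
    fi
}

# Check the local host when systemctl is available.
if command -v systemctl >/dev/null 2>&1; then
    classify_host "$(systemctl --version 2>/dev/null)" \
                  "$(systemctl is-active systemd-resolved 2>/dev/null)"
fi
```

A result of `exposed` means the host needs a package-level check against the distribution's security update, not that it is confirmed unpatched.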