[SECURITY ALERT] Attention Ubuntu 16.10 and 17.04 users: remote code exploit (RCE) in systemd found

in #security, 7 years ago (edited)

Hello Steem community,

I wanted to make sure to inform users of Ubuntu 16.10 and 17.04 to patch their systemd; a remote code exploit has been found that takes advantage of a bug in systemd combined with open port 53 to allow arbitrary code to be executed on your machine.

If you're using Ubuntu 16.04 LTS, your machine should be unaffected as port 53 should be closed by default. You can check by running the following command:

sudo nmap -sU -p 53 MACHINE_IP

Shout out to @someguy123 for providing the command above!

More details can be found on:
CVE-2017-9445: Out-of-bounds write in systemd-resolved with crafted TCP payload.

The guide for patching this vulnerability can be found on Ubuntu's website here.
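
A local complement to the nmap check above, added here as an example and not part of the original post: it classifies every socket bound to port 53 (UDP and TCP) as loopback-only or reachable from other hosts. It assumes `ss` from iproute2 is installed; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify sockets bound to port 53 from `ss -lntu` output.

# Constructed sample of `ss -lntu` output (not captured from a real host).
SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      128    [::]:53            [::]:*'

# Reads `ss -lntu` lines on stdin and prints "<proto> <address> <scope>" for
# every socket bound to port 53; scope is "loopback" or "exposed".
port53_listeners() {
  awk '
    $1 == "Netid" { next }                 # skip the header row
    {
      la = $5                              # Local Address:Port column
      n = match(la, /:[0-9]+$/)            # port follows the last colon
      if (n == 0) next
      port = substr(la, n + 1)
      addr = substr(la, 1, n - 1)
      if (port != "53") next               # exact match, so 5353 is ignored
      sub(/%.*/, "", addr)                 # drop interface suffix (%lo)
      sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # drop IPv6 brackets
      scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
      print $1, addr, scope
    }'
}

# Succeeds (exit 0) when at least one port-53 socket is bound off-loopback.
port53_exposed() {
  port53_listeners | grep -q ' exposed$'
}

# Demo on the sample; on a live host use:  ss -lntu | port53_listeners
printf '%s\n' "$SAMPLE" | port53_listeners
if printf '%s\n' "$SAMPLE" | port53_exposed; then
  echo "port 53 is reachable from other hosts: patch and review the firewall"
fi
```
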


Thx for sharing.. it is unbelievable nowadays the amount of bugs and security issues there are. It is getting more and more.. And still nobody takes any actions to make backups for example...

Oh man thanks for sharing.
It's only left to understand what's Ubuntu :d

Ubuntu is a Debian-based Linux operating system for personal computers, tablets and smartphones, where Ubuntu Touch edition is used. It also runs network servers. That is usually with the Ubuntu Server edition, either on physical or virtual servers (such as on mainframes) or with containers, that is with enterprise-class features. It runs on the most popular architectures, including server-class ARM-based.

Oh i see. Thanks to wikipedia.

Ubuntu is a popular Linux distribution (perhaps the most popular) and also a Bantu term meaning "humanity to others."

oh yea just googled, sorry :d

That is one dream cohesive community. I wonder what a world would be like if all people were like that heh

Thank you this is very interesting! Followed and resteemd !!

@xorph64 Might want to get that systemd updated ;)

Commenting so I can go back to it the next time I turn on my other computer lol

So replace MACHINE_IP with 127.0.0.1 to scan my own machine locally?

Yeah, that should do the trick!

Excellent, I am good. Thanks so much for this, there is no way I would have known about this otherwise.

thanks i love ubuntu

Hey man great post. nice to see more infosec guys here 🐱‍💻 🐱‍💻 🐱‍💻

Check the TCP port also. -sS

In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it

https://www.cvedetails.com/cve/CVE-2017-9445/
http://openwall.com/lists/oss-security/2017/06/27/8
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9445.html

Updates :)

always be careful on system critical systems 😀 backups😅
$ sudo apt-get update
$ sudo apt-get dist-upgrade

follow me @shifty0g

thanks mate... was really helpful...
