News broke yesterday that systemd, the Linux world’s favorite init monolith, can potentially be crashed or hijacked by malicious DNS servers. Tim Helming, Director of Product Management at DomainTools, commented below.
Tim Helming, Director of Product Management at DomainTools:
“While any buffer overflow that allows remote code execution is serious, there are a couple of mitigating factors which should (we hope) keep the damage level relatively low for this vulnerability/exploit. Besides the obvious (a patch is available for anyone running the affected versions of systemd), the exploit depends on a malicious (or compromised) DNS server. So the attacker would have to go to some trouble to exploit this vulnerability, by pointing potential victims to a malicious server. The easiest way to do this would be to set up the server as the authoritative name server for domain(s) controlled by the attacker. Otherwise, the attacker has to find another way to insert their server into the data flow, or to compromise other people’s DNS servers to enable the malicious response payloads. So, patching is important, but it would take some doing to make this exploit a widespread phenomenon.”