0

A new vulnerability has discovered on the systemd package called Evil DNS allowing the remote control of a linux machine. From the security-tracker.debian , the debian Stretch , Buster and Sid are vulnerable. ( Also affect a various Linux distro with Systemd)

System check:

On Debian Stretch , my systemd --version is systemd 232 before and after the system update.

The systemctl status systemd-resolved.service command say that the systemd-resolved is disabled.

How to easily understand and mitigate the Evil DNS remote attack under linux systems? Does stopping the systemd-resolved service is sufficient to prevent the Evil DNS attack?

Improve this question

1 Answer 1

Reset to default
2

As per the Ubuntu security notice, the issue only affects systemd-resolved (this can be confirmed by looking at the patch fixing the issue). So a system which isn’t running systemd-resolved isn’t exposed, and stopping systemd-resolved is sufficient to prevent the attack.

This is the reason why the Debian tracker mentions “[stretch] - systemd (Minor issue, systemd-resolved not enabled by default)”, meaning that while Debian 9 does include the affected code, it’s a minor issue and won’t result in a security advisory. You can receive notification of the fix in Debian 9 or later by subscribing to the corresponding Debian bug.

Improve this answer
0

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.