23rd November 2017 By William Gamazo Sanchez (Vulnerability Research)
Many Linux distributions are at risk due to a recently disclosed flaw in systemd: a flaw in its DNS resolver could cause a denial-of-service attack on vulnerable systems. The vulnerability is exploited by having the vulnerable system send a DNS query to a DNS server controlled by the attackers. The DNS server would then return a specially crafted query, causing systemd to enter an infinite loop that pins the system’s CPU usage to 100%. This vulnerability was assigned CVE-2017-15908.
There are multiple ways to get the user to query a DNS server under the control of a threat actor, but the easiest would be to get the user’s system to visit a domain controlled by the attacker. This could be done using malware or social engineering.
Full Article.
Take a look at the best antivirus, anti-malware, anti-spy, etc. software
Powered by WPeMatico