Vulnerability CVE-2023-7008: Information

Description

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-7008
Published: Dec. 23, 2023
Modified: Jan. 27, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
systemdp10249.17-alt1249.17-alt2ALT-PU-2024-1263-2338475Fixed
systemdc10f1249.17-alt2249.17-alt2ALT-PU-2024-6023-2344501Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://access.redhat.com/security/cve/CVE-2023-7008
  • Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2222261
  • Issue Tracking
RHBZ#2222672
  • Issue Tracking
https://github.com/systemd/systemd/issues/25676
  • Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/
    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/

        1. Configuration 1

          cpe:2.3:a:systemd_project:systemd:25:*:*:*:*:*:*:*
          Running on/with:
          cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
          Running on/with:
          cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.4.2
      Back to top