CVE-2023-7008
Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
Se encontrĂ³ una vulnerabilidad en systemd-resolved. Este problema puede permitir que systemd-resolved acepte registros de dominios firmados por DNSSEC incluso cuando no tienen firma, lo que permite que los intermediarios (o el solucionador de DNS ascendente) manipulen los registros.
This update for systemd fixes the following issues. Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes. Unit: drop ProtectClock=yes from systemd-udevd.service. Don't mention any rpm macros inside comments, even if escaped. Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-12-20 CVE Reserved
- 2023-12-23 CVE Published
- 2024-11-23 CVE Updated
- 2025-07-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-300: Channel Accessible by Non-Endpoint
CAPEC
References (8)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2463 | 2024-05-22 | |
https://access.redhat.com/errata/RHSA-2024:3203 | 2024-05-22 | |
https://access.redhat.com/security/cve/CVE-2023-7008 | 2024-05-22 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2222261 | 2024-05-22 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2222672 | 2024-05-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Systemd Project Search vendor "Systemd Project" | Systemd Search vendor "Systemd Project" for product "Systemd" | 25 Search vendor "Systemd Project" for product "Systemd" and version "25" | - |
Affected
| in | Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Safe
|
Systemd Project Search vendor "Systemd Project" | Systemd Search vendor "Systemd Project" for product "Systemd" | 25 Search vendor "Systemd Project" for product "Systemd" and version "25" | - |
Affected
| in | Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Safe
|