CVE-2023-7008

Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

Se encontró una vulnerabilidad en systemd-resolved. Este problema puede permitir que systemd-resolved acepte registros de dominios firmados por DNSSEC incluso cuando no tienen firma, lo que permite que los intermediarios (o el solucionador de DNS ascendente) manipulen los registros.

*Credits: N/A

CVSS Scores

NISTv3.1 5.9

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-12-20 CVE Reserved
2023-12-23 CVE Published
2024-09-16 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-300: Channel Accessible by Non-Endpoint

CAPEC

References (8)

URL	Tag	Source
https://github.com/systemd/systemd/issues/25676	Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2024:2463	2024-05-22
https://access.redhat.com/errata/RHSA-2024:3203	2024-05-22
https://access.redhat.com/security/cve/CVE-2023-7008	2024-05-22
https://bugzilla.redhat.com/show_bug.cgi?id=2222261	2024-05-22
https://bugzilla.redhat.com/show_bug.cgi?id=2222672	2024-05-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Systemd Project Search vendor "Systemd Project"	Systemd Search vendor "Systemd Project" for product "Systemd"	25 Search vendor "Systemd Project" for product "Systemd" and version "25"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"	-	Safe
Systemd Project Search vendor "Systemd Project"	Systemd Search vendor "Systemd Project" for product "Systemd"	25 Search vendor "Systemd Project" for product "Systemd" and version "25"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"	-	Safe