CVE-2023-7008
Publication date 23 December 2023
Last updated 24 July 2024
Ubuntu priority: Low
CVSS 3 severity score: 5.9 · Medium
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing a man-in-the-middle (or the upstream DNS resolver) to manipulate records.
Why is this CVE low priority?
DNSSEC is an experimental feature in systemd with known issues
Status
Package | Ubuntu Release | Status |
---|---|---|
systemd | 24.10 oracular | Fixed 255.2-3ubuntu1 |
systemd | 24.04 LTS noble | Fixed 255.2-3ubuntu1 |
systemd | 22.04 LTS jammy | Vulnerable |
systemd | 20.04 LTS focal | Vulnerable |
systemd | 18.04 LTS bionic | Needs evaluation |
systemd | 16.04 LTS xenial | Needs evaluation |
systemd | 14.04 LTS trusty | Ignored end of ESM support, was needs-triage |
Notes
mdeslaur
DNSSEC is turned off in Ubuntu by default, and is an experimental feature not recommended for production
Patch details
Package | Patch details |
---|---|
systemd |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.9 · Medium |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |