Vulnerabilities > CVE-2023-7008 - Unspecified vulnerability in Systemd Project Systemd 25

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

high complexity

systemd-project

NVD

Published: 2023-12-23

Updated: 2024-05-22

Summary

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

Vulnerable Configurations

Part	Description	Count
Application	Systemd_Project Systemd Project Systemd 25	1
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 9.0	2

References

https://access.redhat.com/security/cve/CVE-2023-7008
https://bugzilla.redhat.com/show_bug.cgi?id=2222261
https://bugzilla.redhat.com/show_bug.cgi?id=2222672
https://github.com/systemd/systemd/issues/25676
https://lists.fedoraproject.org/archives/list/[email protected]/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/
https://lists.fedoraproject.org/archives/list/[email protected]/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/
https://access.redhat.com/errata/RHSA-2024:2463
https://access.redhat.com/errata/RHSA-2024:3203