CVE-2017-9445: Linux initialisation daemon (systemd) vulnerability

Document ID : KB000015411
Last Modified Date : 06/06/2018
Show Technical Document Details

Linux has reported a Security Vulnerability patch and I would like to know if this patch is installed in PAM or if this vulnerability does not affect our system. 

Description: In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.


All PAM Releases

CA PAM is not affected by this vulnerability since it is not using systemd.