PT-2020-6804 · Systemd+11 · Systemd+11

Published

2020-03-24

·

Updated

2024-06-15

·

CVE-2020-13529

CVSS v3.1

6.1

Medium

VectorAV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Systemd version 245
Description An exploitable denial-of-service issue exists due to a DHCP ACK spoofing attack. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server. This issue is related to authentication bypass via spoofing, allowing a remote attacker to cause a denial of service.
Recommendations For Systemd version 245, consider disabling the DHCP client until a patch is available to prevent exploitation. Restrict access to the DHCP service to minimize the risk of spoofing attacks. Avoid using the DHCP FORCERENEW packet in the affected setup until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-290

Related Identifiers

ALSA-2021:4361
ALT-PU-2020-1560
ALT-PU-2021-2116
ALT-PU-2021-2129
ALT-PU-2021-2584
ALT-PU-2023-1283
BDU:2022-06889
CESA-2021_4361
CVE-2020-13529
MGASA-2021-0365
OESA-2021-1319
OPENSUSE-SU-2021:2809-1
OPENSUSE-SU-2021_2809-1
OPENSUSE-SU-2024:10602-1
OPENSUSE-SU-2024:11420-1
RHSA-2021:4361
RHSA-2021_4361
RLSA-2021:4361
SUSE-SU-2021:2809-1
SUSE-SU-2021_2809-1
USN-5013-1
USN-5013-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Systemd
Ubuntu