Bug 1185972 - (CVE-2020-13529) VUL-0: CVE-2020-13529: systemd: crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack
(CVE-2020-13529)
VUL-0: CVE-2020-13529: systemd: crafted DHCP FORCERENEW packet can cause a se...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: systemd maintainers
Security Team bot
https://smash.suse.de/issue/283925/
CVSSv3.1:SUSE:CVE-2020-13529:6.1:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-05-12 12:14 UTC by Gianluca Gabrielli
Modified: 2021-08-23 13:23 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
fbui: needinfo? (gianluca.gabrielli)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Gianluca Gabrielli 2021-05-12 12:14:29 UTC
CVE-2020-13529

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
https://github.com/systemd/systemd/issues/16774

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1959397
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
Comment 1 Gianluca Gabrielli 2021-05-12 13:30:24 UTC
Affected packages:

systemd-network not built:
- SUSE:Carwos:1/systemd                                  234
- SUSE:SLE-12-SP2:Update/systemd                         228
- SUSE:SLE-12-SP5:Update/systemd                         228
- SUSE:SLE-15-SP3:Update/systemd                         246.13

systemd-network built:
- SUSE:SLE-15:Update/systemd                             234
- SUSE:SLE-15-SP2:Update:Products:MicroOS:Update/systemd 246.10
- openSUSE:Factory/systemd                               246.13
Comment 2 Gianluca Gabrielli 2021-05-12 13:32:12 UTC
A discussion is going on to decide if/how to fix it.
Comment 3 Franck Bui 2021-05-19 12:56:09 UTC
Just for clarification: systemd-network is not shipped on any SLE distros hence only Leap/TW users might be affected.
Comment 4 Franck Bui 2021-06-18 13:21:45 UTC
I'm reassigning this one to the security team until a decision is taken (see comment #2).
Comment 5 Gianluca Gabrielli 2021-06-24 10:21:16 UTC
A patch [0] has been merged into the main branch via this PR [1].
Please proceed by applying this to all the affected packages. If systemd-network is only available in Leap and TW, please proceed with them.

[0] https://github.com/systemd/systemd/commit/6222acc2b59309ac6187450d9e65eceb1b7cc1c5.patch
[1] https://github.com/systemd/systemd/pull/20002
Comment 11 OBSbugzilla Bot 2021-07-23 07:10:06 UTC
This is an autogenerated message for OBS integration:
This bug (1185972) was mentioned in
https://build.opensuse.org/request/show/907871 Factory / systemd
Comment 12 Swamp Workflow Management 2021-08-23 13:19:20 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:2809-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1166028,1171962,1184994,1185972,1188063
CVE References: CVE-2020-13529,CVE-2021-33910
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    systemd-246.15-7.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2021-08-23 13:23:26 UTC
# maintenance_jira_update_notice
openSUSE-SU-2021:2809-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1166028,1171962,1184994,1185972,1188063
CVE References: CVE-2020-13529,CVE-2021-33910
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    systemd-246.15-7.11.1