Bugzilla – Bug 1185972
VUL-0: CVE-2020-13529: systemd: crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack
Last modified: 2021-08-23 13:23:26 UTC
CVE-2020-13529 An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. References: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142 https://github.com/systemd/systemd/issues/16774 References: https://bugzilla.redhat.com/show_bug.cgi?id=1959397 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13529 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
Affected packages: systemd-network not built: - SUSE:Carwos:1/systemd 234 - SUSE:SLE-12-SP2:Update/systemd 228 - SUSE:SLE-12-SP5:Update/systemd 228 - SUSE:SLE-15-SP3:Update/systemd 246.13 systemd-network built: - SUSE:SLE-15:Update/systemd 234 - SUSE:SLE-15-SP2:Update:Products:MicroOS:Update/systemd 246.10 - openSUSE:Factory/systemd 246.13
A discussion is going on to decide if/how to fix it.
Just for clarification: systemd-network is not shipped on any SLE distros hence only Leap/TW users might be affected.
I'm reassigning this one to the security team until a decision is taken (see comment #2).
A patch [0] has been merged into the main branch via this PR [1]. Please proceed by applying this to all the affected packages. If systemd-network is only available in Leap and TW, please proceed with them. [0] https://github.com/systemd/systemd/commit/6222acc2b59309ac6187450d9e65eceb1b7cc1c5.patch [1] https://github.com/systemd/systemd/pull/20002
This is an autogenerated message for OBS integration: This bug (1185972) was mentioned in https://build.opensuse.org/request/show/907871 Factory / systemd
# maintenance_jira_update_notice SUSE-SU-2021:2809-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1166028,1171962,1184994,1185972,1188063 CVE References: CVE-2020-13529,CVE-2021-33910 JIRA References: Sources used: SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): systemd-246.15-7.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
# maintenance_jira_update_notice openSUSE-SU-2021:2809-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1166028,1171962,1184994,1185972,1188063 CVE References: CVE-2020-13529,CVE-2021-33910 JIRA References: Sources used: openSUSE Leap 15.3 (src): systemd-246.15-7.11.1