[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf

2023-10-19 Thread Jun Aruga
> Anyone, could you tell me how to fix this issue, maybe adjusting the `zzz-fix-domains` script? Thanks.

I was able to fix this issue with another workaround even when rebooting OS. I didn't use the workaround script `/etc/network/if-up.d/zzz-fix-domains`. I added a new systemd service to run the

[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf

2023-10-18 Thread Jun Aruga
Hi I am seeing this issue `search DOMAINS` on Ubuntu jammy arm64 in the following environment.

```
$ cat /etc/os-release | grep ^VERSION
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
$ uname -m
aarch64
$ dpkg -S /etc/network/if-up.d/resolved
ifupdown: /etc/ne
```

[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf

2023-04-04 Thread Marques Johansson
This is not a matter of CACHE poisoning. This is a 3rd-party owned domain suffix being applied to every name resolution on the system. Users deploying Kubernetes on these nodes will inherit this behavior in kube-dns, for example. Users' applications, package management, pods, and customer workload

[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf

2023-04-03 Thread Seth Arnold
We were asked privately if this should receive a CVE. I'll copy my reply here:

In this case I don't believe a CVE is appropriate:
- DNS is typically plain-text unauthenticated
- DNS cache poisoning can be insanely easy if poor-quality DNS recursors are in use
- DNS cache poisoning is possibl

[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf

2023-03-31 Thread Marc Deslauriers
There is possibly a fix in https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1907878/comments/15 , but I haven't tested it. ** Bug watch added: Debian Bug tracker #1031236 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031236 -- You received this bug notification because you are a m

[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf

2023-03-31 Thread Marc Deslauriers
Similar issue here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031236 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ifupdown in Ubuntu. https://bugs.launchpad.net/bugs/1978351 Title: MITM vector: ifupdown puts .d

[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf

2023-03-31 Thread Marc Deslauriers
It looks like debian/if-up.d/resolved contains a few occurrences of:

DNS=DNS
DOMAINS=DOMAINS

Perhaps it was supposed to be DNS=$DNS and DOMAINS=$DOMAINS, but someone will have to go through the script and figure out what the script is actually supposed to do and what the proper fix is. T

[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf

2023-02-28 Thread Marques Johansson
This is still a problem. Who would set the importance and assign someone to this?

[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf

2022-10-07 Thread Robert
Here's a quick-and-dirty temporary workaround: It uses a post-up hook to remove DOMAINS=DOMAINS from the systemd-resolved state files if it ends up there. Put it in /etc/network/if-up.d/zzz-fix-domains

```
#!/bin/sh
statedir=/run/systemd/resolve/netif
grep -rl DOMAINS $statedir | xargs -r perl
```

[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf

2022-10-06 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: ifupdown (Ubuntu) Status: New => Confirmed

[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf

2022-06-13 Thread Marques Johansson
Debian 11's ifupdown 0.8.36 does not contain the /etc/network/if-up.d/resolved script that contains the DOMAINS=DOMAINS line. The equivalent functionality in Debian comes from /etc/network/if-up.d/000resolvconf from the resolvconf package. (I don't know if these are standard or if these are ven

[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf

2022-06-10 Thread Seth Arnold
Thanks Marques, do you know if this affects Debian as well? I wonder if they already saw this and fixed it, or if they don't yet know about it. Thanks

[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf

2022-06-10 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is availabl