Bug 16145

Summary: systemd-resolved listens on external IPs
Product: Mageia    Reporter: Pascal Terjan <pterjan>
Component: Security    Assignee: Colin Guthrie <mageia>
Status: RESOLVED INVALID    QA Contact: Sec team <security>
Severity: major    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: MGA5TOO
Source RPM: systemd CVE:
Status comment:

Description Pascal Terjan 2015-06-19 01:47:21 CEST
# netstat -tlnp | grep sys
tcp        0      0 0.0.0.0:5355                0.0.0.0:*                   LISTEN      50705/systemd-resol 
tcp        0      0 :::5355                     :::*                        LISTEN      50705/systemd-resol 

I can't find anything in the various manpages to get it to only listen on localhost.

Reproducible: 

Steps to Reproduce:
David Walser 2015-06-19 04:12:47 CEST

Assignee: bugsquad => mageia
Whiteboard: (none) => MGA5TOO

Comment 1 Pascal Terjan 2015-06-19 08:49:13 CEST
It seems to be because of the LLMNR feature:

https://en.wikipedia.org/wiki/Link-Local_Multicast_Name_Resolution

"The responders also listen on TCP port 5355 on the unicast address that the host uses to respond to queries."
Comment 2 Pascal Terjan 2015-06-19 09:06:41 CEST
        r = setsockopt(m->llmnr_ipv4_tcp_fd, IPPROTO_IP, IP_TTL, &one, sizeof(one));

        r = setsockopt(m->llmnr_ipv6_tcp_fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &one, sizeof(one));

So it seems it should not be possible to establish a TCP connection from outside.
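An added example (not systemd's code) that demonstrates what the two setsockopt() lines above achieve: a TCP listener bound to the wildcard address whose segments carry a TTL / hop limit of 1, so the SYN-ACK never survives a router hop and only same-link peers can complete the handshake. The function names are mine, and it binds an ephemeral port rather than 5355 so it does not collide with a running resolver.

```python
import socket

LLMNR_PORT = 5355  # port systemd-resolved's LLMNR responder listens on (not used below)


def open_link_local_listener(family=socket.AF_INET, port=0):
    """Open a wildcard-bound TCP listener whose packets carry a hop limit of 1.

    This mirrors the quoted systemd code: the socket still shows up as
    0.0.0.0:port / :::port in netstat, but with IP_TTL / IPV6_UNICAST_HOPS
    set to 1 every segment the kernel sends from it (SYN-ACK included) is
    discarded by the first router, so only directly attached hosts can
    finish the three-way handshake. port=0 asks the kernel for an ephemeral port.
    """
    s = socket.socket(family, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    if family == socket.AF_INET:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, 1)
    else:
        s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_UNICAST_HOPS, 1)
    s.bind(("" if family == socket.AF_INET else "::", port))
    s.listen(8)
    return s


def hop_limit(sock):
    """Read back the TTL / hop limit the kernel stamps on packets sent from sock."""
    if sock.family == socket.AF_INET:
        return sock.getsockopt(socket.IPPROTO_IP, socket.IP_TTL)
    return sock.getsockopt(socket.IPPROTO_IPV6, socket.IPV6_UNICAST_HOPS)


def accepted_connection_hop_limit(listener):
    """Connect over loopback, accept(), and report the accepted socket's hop limit.

    Linux copies the TTL / hop limit of the listening socket to every socket
    returned by accept(), so this is the value a remote peer's replies would
    carry. A plain listener would report the system default (usually 64).
    """
    port = listener.getsockname()[1]
    host = "127.0.0.1" if listener.family == socket.AF_INET else "::1"
    with socket.create_connection((host, port)) as _client:
        conn, _peer = listener.accept()
        with conn:
            return hop_limit(conn)


if __name__ == "__main__":
    lst = open_link_local_listener()
    print("listener hop limit:", hop_limit(lst))            # 1
    print("accepted socket hop limit:", accepted_connection_hop_limit(lst))  # 1
    lst.close()
```

On a live host the same check can be made against an existing daemon by reading the TTL of packets it emits with a packet capture; the wildcard bind alone says nothing about reachability.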
Comment 3 Pascal Terjan 2015-06-19 09:15:06 CEST
So this is initially scary but the code seems to do the right thing.

Status: NEW => RESOLVED
Resolution: (none) => INVALID