Quick overview: Microsoft Azure Partial Service Disruption incident on 31st Aug 2022.

Preface: Microsoft officials said a bug in Ubuntu 18.04 “will lead to DNS resolution errors”, and that “reports of this issue are confined to this single Ubuntu version.” (31st Aug 2022)

Background: How to install Kubernetes on Ubuntu 18.04 Bionic Beaver Linux?

  1. Install Docker on every node (master and slave nodes). Execute the Linux command below to install Docker on all your Kubernetes nodes:
    $ sudo apt install docker.io
    Once Docker is installed, ensure that it is enabled to start after reboot:
    $ sudo systemctl enable docker
  2. Install Kubernetes on all nodes (master & slave):
    Add the Kubernetes signing key:
    $ curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
  3. Add the Kubernetes repository and install Kubernetes:
    $ sudo apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"
    $ sudo apt install kubeadm
  4. Disable swap memory on all your nodes (master & slave):
    $ sudo swapoff -a
  5. Next, ensure that all your nodes have a unique host name. Set the master node with the kubernetes-master hostname:
    $ sudo hostnamectl set-hostname kubernetes-master
    5.1 Set the slave node with the kubernetes-slave hostname:
    $ sudo hostnamectl set-hostname kubernetes-slave
  6. Initialize the Kubernetes master node. Execute the following Linux command on your master node:
    kubernetes-master:~$ sudo kubeadm init --pod-network-cidr=10.244.0.0/16
    6.1 Execute the commands below as a regular user to start using the Kubernetes cluster:
    kubernetes-master:~$ mkdir -p $HOME/.kube
    kubernetes-master:~$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    kubernetes-master:~$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
  7. Deploy a pod network:
    kubernetes-master:~$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
  8. Join the Kubernetes cluster:
    kubernetes-slave:~$ sudo kubeadm join 10.1.1.9:6443 --token qdjnpd.5glu39uxr92xarsj --discovery-token-ca-cert-hash sha256:ed0684156c718caf425ceae6c85a56c05f7b49037cde3a2f1fd57430a4f58f89
    Remark: Refer to Step 6 and copy the token hash from the screen display.

Vulnerability details: A use-after-free vulnerability was found in systemd. The on_stream_io() and dns_stream_complete() functions in ‘resolved-dns-stream.c’ do not increment the reference count of the DnsStream object. Other functions and callbacks that they call can therefore unreference the DnsStream object (drop its last reference), so the object is freed while it is still in use, causing a use-after-free when the reference is used later.
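
The missing-reference pattern described above, modeled as an added example (not systemd source code and not part of the original page). `Stream`, `handle_io_unguarded` and `handle_io_guarded` are hypothetical names, and an `alive` flag stands in for `free()` so the stale access can be counted without undefined behaviour.

```c
#include <stdio.h>

/* Hypothetical stand-in for a reference-counted stream object. */
typedef struct Stream {
    unsigned n_ref;   /* reference count */
    int alive;        /* 0 once released; a flag replaces free() in this model */
    int stale_use;    /* number of accesses made after release */
} Stream;

static Stream *stream_ref(Stream *s) { s->n_ref++; return s; }
static Stream *stream_unref(Stream *s) {
    if (--s->n_ref == 0)
        s->alive = 0;             /* real code would free(s) here */
    return NULL;
}

/* Completion callback: the owner is done and drops its reference. */
static void on_complete(Stream *s) { stream_unref(s); }

/* Work the handler still performs after the callback has returned. */
static void touch(Stream *s) { if (!s->alive) s->stale_use++; }

/* Unguarded handler: assumes the object outlives the callback. */
static int handle_io_unguarded(Stream *s) {
    on_complete(s);               /* may drop the last reference */
    touch(s);                     /* object already released: stale access */
    return s->stale_use;
}

/* Guarded handler: takes its own reference for the duration of the call. */
static int handle_io_guarded(Stream *s) {
    stream_ref(s);                /* pin the object */
    on_complete(s);               /* owner's reference goes away, ours remains */
    touch(s);                     /* still alive */
    int stale = s->stale_use;
    stream_unref(s);              /* last reference dropped only now */
    return stale;
}

/* Runs one handler on a fresh stream that holds a single owner reference. */
static int run(int guarded) {
    Stream s = { .n_ref = 1, .alive = 1, .stale_use = 0 };
    return guarded ? handle_io_guarded(&s) : handle_io_unguarded(&s);
}

int main(void) {
    printf("stale uses: unguarded=%d guarded=%d\n", run(0), run(1));
    return 0;
}
```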

For headline news details, please refer to the link – https://www.theregister.com/2022/08/30/ubuntu_systemd_dns_update/

