New SystemD Vulnerability Discovered

guest · Oct 27, 2018

New SystemD Vulnerability Discovered
October 27, 2018
https://news.slashdot.org/story/18/10/27/196227/new-systemd-vulnerability-discovered

The Register reports that a new security bug in systemd "can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box" by a malicious host on the same network segment as the victim.

According to one Red Hat security engineer, "An attacker could exploit this via malicious DHCP server to corrupt heap memory on client machines, resulting in a denial of service or potential code execution." According to the bug description, systemd-networkd "contains a DHCPv6 client which is written from scratch and can be spawned automatically on managed interfaces when IPv6 router advertisements are received."
The Register:

In addition to Ubuntu and Red Hat Enterprise Linux, systemd has been adopted as a service manager for Debian, Fedora, CoreOS, Mint, and SUSE Linux Enterprise Server. We're told RHEL 7, at least, does not use the vulnerable component by default.

Systemd creator Leonard Poettering has already published a security fix for the vulnerable component -- this should be weaving its way into distros as we type. [...]
Click to expand...

mirimir · Oct 28, 2018

Yet another reason to disable IPv6, unless you actually need it

Stefan Froberg · Nov 1, 2018

Thank god for my non-systemd Linux box.

This (and the previous DNS vulnerability in systemd too..) are exactly the reasons
why it's a bad idea to stuff so much things into init system.

guest · Jan 10, 2019

SystemD... Security holes found in much-adored Linux toolkit
Patches pending for distros to deal with threat of local privilege escalation to root
January 10, 2019
https://www.theregister.co.uk/2019/01/10/systemd_bugs_qualys/

Security biz Qualys has revealed three vulnerabilities in a component of systemd, a system and service manager used in most major Linux distributions.

Patches for the three flaws – CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866 – should appear in distro repos soon as a result of coordinated disclosure. However, Linux distributions such as Debian remain vulnerable at the moment, depending on the version you have installed.

While systemd isn't universally beloved in the Linux community, Graham sees nothing unusual about the presence of the three flaws in the software. "The noteworthiness to me is that it is very commonly found in most major distributions," he said.
Click to expand...

fblais · Jan 10, 2019

Time to give Devuan another try I guess.

Eggnog · Jan 10, 2019

Smirk=ON

guest · Jan 31, 2019

mood said: ↑

SystemD... Security holes found in much-adored Linux toolkit
Patches pending for distros to deal with threat of local privilege escalation to root
January 10, 2019
https://www.theregister.co.uk/2019/01/10/systemd_bugs_qualys/
Click to expand...

Researchers published the PoC exploit code for Linux SystemD bugs
January 31, 2019
https://securityaffairs.co/wordpress/80505/hacking/systemd-poc-exploit-released.html

The experts developed a PoC exploit for both CVE-2018-16865 and CVE-2018-16866 that is able to obtain a local root shell in 10 minutes on i386 and 70 minutes on amd64, on average.

Nick Gregory, security research at Capsule8, published a blog post that revealed that his company has developed a proof-of-concept exploit for the above vulnerabilities.
“As Qualys did not provide exploit code, we developed a proof-of-concept exploit for our own testing and verification.” reads the post published by Gregory.

“There are some interesting aspects that were not covered by Qualys’ initial publication, such as how to communicate with the affected service to reach the vulnerable component, and how to control the computed hash value that is actually used to corrupt memory,”
Click to expand...

guest · Jul 20, 2021

Nasty Linux systemd security bug revealed
Qualsys has found an ugly Linux systemd security hole that can enable any unprivileged user to crash a Linux system.
July 20, 2021
https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/

Systemd, the Linux system and service manager that has largely replaced init as the master Linux startup and control program, has always had its critics. Now, with Qualsys's discovery of a new systemd security bug, systemd will have fewer friends. Successful exploitation of this newest vulnerability enables any unprivileged user to cause a denial of service via a kernel panic.

In a phrase, "that's bad, that's really bad."
As Bharat Jogi, Qualys's senior manager of Vulnerabilities and Signatures, wrote, "Given the breadth of the attack surface for this vulnerability, Qualys recommends users apply patches for this vulnerability immediately." You can say that again.
Click to expand...

That's the bad news. The good news is that Red Hat Product Security and systemd's developers have immediately patched the hole.
There's no way to remedy this problem.

Therefore, you must, if you value keeping your computers working, patch your version of systemd as soon as possible. You'll be glad you did.
Click to expand...

Qualys: CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1)

The Qualys Research Team has discovered a stack exhaustion denial-of-service vulnerability in systemd, a near-ubiquitous utility available on major Linux operating systems. Any unprivileged user can exploit this vulnerability to crash systemd and hence the entire operating system (a kernel panic).
Click to expand...

Log in or Sign up

New SystemD Vulnerability Discovered

guest Guest

mirimir Registered Member

Stefan Froberg Registered Member

guest Guest

fblais Registered Member

Eggnog Registered Member

guest Guest

guest Guest

Log in or Sign up

New SystemD Vulnerability Discovered

guest Guest

mirimir Registered Member

Stefan Froberg Registered Member

guest Guest

fblais Registered Member

Eggnog Registered Member

guest Guest

guest Guest

Useful Searches