New Systemd Vulnerability Affects Most Mainstream Linux Distributions


Except for openSUSE, SUSE Linux, and Fedora

Security researchers at Qualys have discovered three new vulnerabilities in Systemd, the init system for Linux-based operating systems.

The vulnerabilities (CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866) reside in the "systemd-journald" service and could allow an attacker to gain root access on the targeted systems.

"We developed an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on amd64, on average," the researchers wrote.

Qualys said that all Systemd-based Linux distributions are affected by the vulnerabilities except for SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29. These distributions compile their userspace code with GCC's -fstack-clash-protection option.

No patches have been released by Red Hat or Canonical to fix these vulnerabilities.

Source: https://www.qualys.com/2019/01/09/system-down/system-down.txt

01/15/2019
