New Systemd Vulnerability Affects Most Mainstream Linux Distributions
Security researchers at Qualys have discovered three new vulnerabilities in Systemd, the init system for Linux-based operating systems.
The vulnerabilities (CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866) reside in the "systemd-journald" service and could allow an attacker to gain root access on the targeted systems.
"We developed an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on amd64, on average," the researchers wrote.
Qualys said that all Systemd-based Linux distributions are affected by the vulnerabilities except for SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29. These distributions compile their userspace code with GCC's -fstack-clash-protection.
No patches have been released by Red Hat or Canonical to fix these vulnerabilities.
Source: https://www.qualys.com/2019/01/09/system-down/system-down.txt