News

Linux systemd vulnerabilities without any patches discovered

Systemd exploit linux
System performs vital core functions on Linux OS

Security researchers at Qualys have discovered three vulnerabilities affecting a Linux system service named ‘journald“, which is part of systemd.

The vulnerabilities assume significance since systemd is a collection of software that provides the fundamental building blocks for the Linux operating system. The affected service, ‘journald’, is used to collect and store log data, and as per the researchers, can be used exploited to obtain root privileges. As of now, there is no patch to the bug.

Linux systemd exploit discovered
Linux is widely used by enterprise, researchers, and students alike

The systemd exploit affects almost all Linux distribution

According to the researchers, almost all Linux distributions are affected except for SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29, which are unaffected by the exploit. The team stated that these distros are not exploitable because their user space is compiled with GCC’s -fstack-clash-protection.

The advisory by the Qualys research also stated that the bug does not require any interaction by users, with two of the three exploits can be used over a network.

Furthermore, currently no patch exists for the exploits, with one being developed for one of the three exploits named CVE-2018-16866.

Read the detailed documentation here.

Source | Via

ALSO READ  The Google Cemetery: Top 5 that bit the dust

Leave a Comment