New Systemd Vulnerability Affects Most Mainstream Linux Distributions


Except for openSUSE, SUSE Linux, and Fedora

Security researchers at Qualys have discovered three new vulnerabilities in Systemd, the init system for Linux-based operating systems.

The vulnerabilities (CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866) resides in "systemd-journald" service and could allow an attacker to gain root access on the targeted systems.

"We developed an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on amd64, on average," the researchers wrote.

Qualys said that all Systemd-based Linux distributions are affected by the vulnerability except for SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29. These distributions compile their userspace code with GCC's -fstack-clash-protection.

No patches have been released by Red Hat or Canonical to fix these vulnerabilities.



Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=