[ad_1]
Systemd, the Linux systems and services manager that largely replaced init as Linux’s main boot and control program, has always had its critics. Now, with Qualys discovering a new systemd security bug, systemd will have fewer friends. Successful exploitation of this new vulnerability allows any unprivileged user to trigger a denial of service via a kernel panic.
In one sentence, “this is bad, this is really bad.”
As Bharat Jogi, senior director of vulnerabilities and signatures at Qualys wrote, “given the extent of the attack surface for this vulnerability, Qualys recommends that users immediately apply patches for this vulnerability.” You can repeat it.
Systemd is used in almost all modern Linux distributions. This particular security vulnerability happened in the systemd code in April 2015.
It works by allowing attackers to abuse the alloca () function in a way that results in memory corruption. This, in turn, allows a hacker to crash systemd and therefore the entire operating system. Concretely, this can be done by a local attacker mounting a filesystem over a very long path. This will use too much memory space in the systemd stack, resulting in a system crash.
This is the bad news. The good news is that Red Hat Product Security and the developers of systemd immediately fixed the hole.
There is no way to fix this problem. Although it is not present in all current Linux distributions, you will find it in most distributions such as Debian 10 (Buster) and its relatives like Ubuntu and Mint. Therefore, if you enjoy your computers running, patch your version of systemd as soon as possible. You will be glad you did.
Related stories:
[ad_2]
Source link