Security researchers at Qualys have discovered three vulnerabilities affecting a Linux system service named ‘
The vulnerabilities assume significance since systemd is a collection of software that provides the fundamental building blocks for the Linux operating system. The affected service, ‘journald’, is used to collect and store log data, and as per the researchers, can be used exploited to obtain root privileges. As of now, there is no patch to the bug.
The systemd exploit affects almost all Linux distribution
According to the researchers, almost all Linux distributions are affected except for SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29, which are unaffected by the exploit. The team stated that these distros are not exploitable because their user space is compiled with GCC’s -fstack-clash-protection.
The advisory by the Qualys research also stated that the bug does not require any interaction by users, with two of the three exploits can be used over a network.
Furthermore, currently no patch exists for the exploits, with one being developed for one of the three exploits named CVE-2018-16866.
Read the detailed documentation here.