![\"Sad](\"https:\/\/regmedia.co.uk\/2017\/04\/20\/sad_penguin_photo_via_shutterstock.jpg?x=442&y=293&crop=1\")
<\/p>\n<\/p>\n
A security bug in Systemd can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box.<\/p>\n
The flaw therefore puts Systemd-powered Linux computers \u2013 specifically those using systemd-networkd \u2013 at risk of remote hijacking: maliciously crafted DHCPv6 packets can try to exploit the programming cockup and arbitrarily change parts of memory in vulnerable systems, leading to potential code execution. This code could install malware, spyware, and other nasties, if successful.<\/p>\n
The vulnerability \u2013 which was made public this week \u2013 sits within the written-from-scratch DHCPv6 client of the open-source Systemd management suite, which is built into various flavors of Linux.<\/p>\n
This client is activated automatically if IPv6 support is enabled, and relevant packets arrive for processing. Thus, a rogue DHCPv6 server on a network, or in an ISP, could emit specially crafted router advertisement messages that wake up these clients, exploit the bug, and possibly hijack or crash vulnerable Systemd-powered Linux machines.<\/p>\n
Here’s the Red Hat Linux summary<\/a>:<\/p>\n Felix Wilhelm, of the Google Security team, was credited with discovering the flaw, designated CVE-2018-15688<\/a>. Wilhelm found that<\/a> a specially crafted DHCPv6 network packet could trigger “a very powerful and largely controlled out-of-bounds heap write,” which could be used by a remote hacker to inject and execute code.<\/p>\n “The overflow can be triggered relatively easy by advertising a DHCPv6 server with a server-id >= 493 characters long,” Wilhelm noted.<\/p>\n In addition to Ubuntu<\/a> and Red Hat Enterprise Linux, Systemd has been adopted as a service manager for Debian, Fedora, CoreOS, Mint, and SUSE Linux Enterprise Server. We’re told RHEL 7, at least, does not use the vulnerable component by default.<\/p>\n Systemd creator Lennart Poettering has already published<\/a> a security fix<\/a> for the vulnerable component \u2013 this should be weaving its way into distros as we type.<\/p>\n If you run a Systemd-based Linux system, and rely on systemd-networkd, update your operating system as soon as you can to pick up the fix when available and as necessary.<\/p>\n The bug will come as another argument against Systemd as the Linux management tool continues to fight for the hearts and minds of admins and developers alike. Though a number of major admins have in recent years adopted and championed<\/a> it as the replacement for the old Init era, others within the Linux world seem to still be less than impressed<\/a> with Systemd and Poettering’s occasionally controversial<\/a> management of the tool. \u00ae<\/p>\n