[SOLVED by updates] New Systemd Privilege Escalation Flaws Affect Most Linux Distributions

[philotux]

Security researchers have discovered three vulnerabilities in Systemd, a popular init system and service manager for most Linux operating systems, that could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems.
https://thehackernews.com/2019/01/linux ... ploit.html

Does anyone know if there is anything one as a user can do to mitigate this meanwhile it hopefully gets fixed from higher up?

[gomerpile]

Hate to say it, I told you so, some might remember my post. I can hack in root and take control over linux. I even showed packets in wireshark showing the data being sent. This data was to my computer that used to gain root access. However most just trolled the post. Well now the trolls can read'em and weep. You figured your data was not being sent out, I did tell you look into your logs and then run wireshark see where that data was going. I discovered exactly where that was going.

[redlined]

root shell in 10 - 70 minutes

Researchers have successfully created proof-of-concept exploits, which they are planning to release in the near future.
"We developed an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on amd64, on average," the researchers write in an advisory published Wednesday.

Don't leave your seats now
Popcorn everywhere ...
-- System of a Down, "CUBErt"

(at least that advisory has some good SoaD clips... grabbing popcorn

[DAMIEN1307]

hey gomer, hows goober, andy, aunt bee, and opie?

this is my systemd-journald...disabled that sucker a loooong time ago...dont need it, dont use it, and according to that article its systemd-journald that they are trying to exploit from what i can see, and at that, they are still looking at it as a "proof of concept" from experts, not your average gomers, at this time...DAMIEN

damien@damien ~ $ systemctl status systemd-journald
● systemd-journald.service
Loaded: masked (/dev/null; bad)
Active: inactive (dead)
damien@damien ~ $

[greerd]

Security researchers have discovered three vulnerabilities in Systemd, a popular init system and service manager for most Linux operating systems, that could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems.
https://thehackernews.com/2019/01/linux ... ploit.html

Does anyone know if there is anything one as a user can do to mitigate this meanwhile it hopefully gets fixed from higher up?

Gotta love the look on the penguin in your link. As for the CVE's, from this mornings updates:

systemd (237-3ubuntu10.11) bionic-security; urgency=medium

* SECURITY UPDATE: memory corruption in journald via attacker controlled alloca
- debian/patches/CVE-2018-16864.patch: journald: do not store the iovec
entry for process commandline on the stack
- CVE-2018-16864
* SECURITY UPDATE: memory corruption in journald via attacker controlled alloca
- debian/patches/CVE-2018-16865_1.patch: journald: set a limit on the
number of fields (1k)
- debian/patches/CVE-2018-16865_2.patch: journal-remote: set a limit on the
number of fields in a message
- CVE-2018-16865
* SECURITY UPDATE: out-of-bounds read in journald
- debian/patches/CVE-2018-16866.patch: journal: fix syslog_parse_identifier()
- CVE-2018-16866

* Fix LP: #1804603 - btrfs-util: unbreak tmpfiles' subvol creation
- add debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch
- update debian/patches/series
* Fix LP: #1804864 - test: Set executable bits on TEST-22-TMPFILES shell scripts
- add debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch
- update debian/patches/series

-- Chris Coulson <chris.coulson@canonical.com> Wed, 09 Jan 2019 15:11:53 +0000

[philotux]

Gotta love the look on the penguin in your link.

How about that! One with "Attitude"

As for the CVE's, from this mornings updates:
...

So, the updates are trickling down? That's good news!
Thanks for the info!

cheers
philotux

[redlined]

and.... the update to fix is arrived:
(see your local trustworthy update manager for more info on this level 4 security update:)

systemd (237-3ubuntu10.11) bionic-security; urgency=medium

ps @ greerd and philotux, totally agree- the 'Madagascar' (movie) penguins are the real deal, I've been searching for something to use from that collection as my avatar, always liked them!

edit to remove duplicated info from greerd last post

[philotux]

Thanks for the info about the updates. I am not on my Mint system at the moment, but i will surely apply them the moment I boot it up next time. I consider this one a solved and mark it as such.

cheers,
philotux

[MurphCID]

Apparently there are three really ugly potential exploits found in Systemd: https://www.youtube.com/watch?v=3FnSbDbRv1o Could this affect us?

[philotux]

This has already been fixed by updates:
viewtopic.php?f=61&t=285420

[Hoser Rob]

There is no such thing as an exploit free OS, period, and Linux is actually pretty good at being secure relative to others. There's only one truly 100% reliable way to have a hack free computer. Buy the computer, take it home, and NEVER turn it on.

Don't worry so much. I've done some pretty cavalier things in Linux, like reinstall on my netbook when I was into distro/de hopping and forget to turn on the firewall. This is my netbook which I rarely use at home, just out at hotspot cafes. Never got hacked, and I would've in a millisecond if I'd been running WIndows.