Saturday, April 10, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

New Linux Systemd security holes uncovered

January 11, 2019
in Internet Security
New Linux Systemd security holes uncovered
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Many Linux sysadmins and users dislike Systemd, but love it or hate it, the Systemd is the default system and service manager for most Linux distributions. So, security company Qualys’s recent revelation of three new Systemd security vulnerabilities isn’t going to win Systemd any friends.

How bad is this trio of trouble? With any of these a local user can gain root privileges. Worse still, Qualys reports that “To the best of our knowledge, all systemd-based Linux distributions are vulnerable.”

You might also like

Washington State educational organizations targeted in cryptojacking spree

Critical Zoom vulnerability triggers remote code execution without user input

Nation-state cyber attacks targeting businesses are on the rise

Actually, that’s not quite true, even Qualys admits. “SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29 are not exploitable because their user space is compiled with GCC’s -fstack-clash-protection.”

This protects these Linux distros because it prevents a stack clash from happening. A stack clash is a variation of the commonplace stack overflow bug. In it, the stack memory is forced to allocate memory to deal with a data overflow. Then, it overlaps with other memory areas. Once there, the data smashes the stack or memory space enabling an attack.

Specifically in these cases CVE-2018-16864 and CVE-2018-16865, two memory corruptions, and CVE-2018-16866, an out-of-bounds memory read, lets multiple megabytes of command-line arguments be passed to the Linux system logger, (syslog). This causes systemd-journald to crash and enables a hostile local user to take over a system.

Qualys claims to have already “developed an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on Amd64.”

The company won’t be releasing these exploits anytime soon. In the meantime, Red Hat has already released patches for 16864 and 16865, the most serious of the security holes. Since Red Hat is Systemd’s parent company, it’s expected most Linux distributions will quickly integrate and release these fixes.

Related Stories:

Credit: Source link

Previous Post

PyLocky Ransomware Decryption Tool Released — Unlock Files For Free

Next Post

Create a front-desk visitor log with Node.js

Related Posts

Washington State educational organizations targeted in cryptojacking spree
Internet Security

Washington State educational organizations targeted in cryptojacking spree

April 10, 2021
Critical Zoom vulnerability triggers remote code execution without user input
Internet Security

Critical Zoom vulnerability triggers remote code execution without user input

April 10, 2021
Nation-state cyber attacks targeting businesses are on the rise
Internet Security

Nation-state cyber attacks targeting businesses are on the rise

April 10, 2021
These are the terrible passwords that people are still using. Here’s how to do better
Internet Security

These are the terrible passwords that people are still using. Here’s how to do better

April 9, 2021
Why do phishing attacks work? Blame the humans, not the technology
Internet Security

Why do phishing attacks work? Blame the humans, not the technology

April 9, 2021
Next Post
IBM RFE Community, Release 23

Create a front-desk visitor log with Node.js

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

One-stop machine learning platform turns health care data into insights | MIT News
Machine Learning

One-stop machine learning platform turns health care data into insights | MIT News

April 10, 2021
Machine learning: is there a limit to technological patents in Brazil?
Machine Learning

Disclosing AI Inventions – Part I: Identifying the Unique Disclosure Issues

April 10, 2021
Washington State educational organizations targeted in cryptojacking spree
Internet Security

Washington State educational organizations targeted in cryptojacking spree

April 10, 2021
Four Alternative Data Trends to Watch in 2021
Data Science

Four Alternative Data Trends to Watch in 2021

April 10, 2021
Artificial Intelligence and Machine Learning: Demographics & Firmographics
Machine Learning

Artificial Intelligence and Machine Learning: Demographics & Firmographics

April 10, 2021
A Primer of 29 Interactions for AI
Neural Networks

A Primer of 29 Interactions for AI

April 10, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • One-stop machine learning platform turns health care data into insights | MIT News April 10, 2021
  • Disclosing AI Inventions – Part I: Identifying the Unique Disclosure Issues April 10, 2021
  • Washington State educational organizations targeted in cryptojacking spree April 10, 2021
  • Four Alternative Data Trends to Watch in 2021 April 10, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates