A researcher has discovered another security flaw affecting Linux systems. The flaw exists in Systemd and could allow an attacker to gain remote code execution.
Systemd Vulnerability Triggered Hacks And System Crash
Reportedly, a researcher from the Google security team, Felix Wilhelm, discovered a flaw in a Linux component that could lead to system crashes and hacks. Precisely, he found a systemd vulnerability that makes Linux systems vulnerable to cyber attacks. It allowed an attacker to execute code remotely on the target machines or induce a denial of service.
According to Wilhelm, an attacker could exploit the bug residing within the Systemd suite’s written-from-scratch DHCPv6 client by presenting malicious DHCPv6 packets to it. As explained in the researcher’s bug report,
“systemd-networkd contains a DHCPv6 client which is written from scratch and can be spawned automatically on managed interfaces when IPv6 router advertisement are received.”
The DHCPv6 client activates automatically upon enabling IPv6 support, triggering the processing of incoming relevant packets.
By exploiting the “Out-of-Bounds write in systemd-networkd dhcpv6 option handling” vulnerability (CVE-2018-15688), a heap-based buffer overflow, the attacker could either hijack the system or crash it, causing a denial of service.
“The overflow can be triggered relatively easy by advertising a DHCPv6 server with a server-id >= 493 characters long.”
Exploiting this flaw, however, requires the hacker to have control over a rogue DHCPv6 server on the same network as the target DHCPv6 client.
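A defender can look for the condition quoted above in captured DHCPv6 traffic. The following is an added example, not code from the bug report or from systemd: it walks the options of a DHCPv6 message (the UDP payload sent to client port 546) and flags a Server Identifier option that exceeds the 130-byte DUID limit of the DHCPv6 specification or reaches the 493-byte length from the report. The function names and the zero-filled sample packets are constructed for illustration.

```python
import struct

# Constants from the DHCPv6 specification (RFC 8415)
OPTION_SERVERID = 2
MAX_DUID_LEN = 130       # 2-byte DUID type + at most 128 bytes of identifier
PAGE_TRIGGER_LEN = 493   # server-id length quoted in the bug report above


def parse_options(payload):
    """Yield (code, value) for each option in a DHCPv6 client/server message."""
    if len(payload) < 4:
        raise ValueError("shorter than the 4-byte DHCPv6 header")
    pos = 4  # skip msg-type (1 byte) and transaction-id (3 bytes)
    while pos < len(payload):
        if pos + 4 > len(payload):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("option length runs past end of packet")
        yield code, payload[pos:pos + length]
        pos += length


def check_server_id(payload):
    """Return 'ok', 'oversized-duid' or 'matches-cve-2018-15688-trigger'."""
    verdict = "ok"
    for code, value in parse_options(payload):
        if code != OPTION_SERVERID:
            continue
        if len(value) >= PAGE_TRIGGER_LEN:
            return "matches-cve-2018-15688-trigger"
        if len(value) > MAX_DUID_LEN:
            verdict = "oversized-duid"
    return verdict


def build_sample(server_id_len):
    """Constructed test input: an ADVERTISE (type 2) with a zero-filled server-id."""
    header = bytes([2]) + b"\x00\x00\x01"  # msg-type + transaction-id
    option = struct.pack("!HH", OPTION_SERVERID, server_id_len)
    return header + option + bytes(server_id_len)


if __name__ == "__main__":
    for n in (14, 200, 493):
        print(n, check_server_id(build_sample(n)))
```

Any server-id longer than 130 bytes already violates the specification, so the lower threshold is the more useful alerting rule; the 493-byte check only labels traffic that matches the report.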
The Systemd management suite ships with numerous Linux distros, including RHEL, Debian, Ubuntu, CoreOS, Fedora, Mint, and SUSE.
After the discovery of the bug, Lennart Poettering, the creator of Systemd, published the security fix for all Linux distros depending on systemd-networkd.
Besides, Ubuntu and Red Hat also published security advisories describing the bug and acknowledging the patch. While the bug affects most Linux distributions, it allegedly did not always affect RHEL 7. As explained in the RHEL advisory:
“This issue affects the versions of systemd-networkd as shipped with Red Hat Enterprise Linux 7. However, the packet is available only through the RHEL-7-server-optional-rpms repository. And it cannot be exploited unless the interface is explicitly configured to use DHCP.
This issue affects the versions of NetworkManager as shipped with Red Hat Enterprise Linux 7 because the package includes some parts of the systemd-networkd code, which present the same vulnerability. NetworkManager is vulnerable to this flaw only when configured to use the internal DHCP, which is not the default. However, when it is, the flaw may be triggered by a connection where either ipv6.method is set to DHCP or it is set to auto, which is the default value.”