The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

ChuangTzu · 10-27-2018, 04:46 PM

Quote:

A security bug in Systemd can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box.

The flaw therefore puts Systemd-powered Linux computers – specifically those using systemd-networkd – at risk of remote hijacking: maliciously crafted DHCPv6 packets can try to exploit the programming cockup and arbitrarily change parts of memory in vulnerable systems, leading to potential code execution. This code could install malware, spyware, and other nasties, if successful.

https://www.theregister.co.uk/2018/1...md_dhcpv6_rce/

RickDeckard · 10-27-2018, 05:03 PM

Good thing I have IPV6 disabled. I always wondered what the benefit to getting rid of it was until now, LOL.

ChuangTzu · 10-27-2018, 07:28 PM

Quote:

Systemd has a remotely exploitable bug in its DHCPv6 client. That means anybody on the local network can send you a packet and take control of your computer. The flaw is a typical buffer-overflow. Several news stories have pointed out that this client was rewritten from scratch, as if that were the moral failing, instead of reusing existing code. That's not the problem.

The problem is that it was rewritten from scratch without taking advantage of the lessons of the past. It makes the same mistakes all over again.

https://blog.erratasec.com/2018/10/s...ould-feel.html

jsbjsb001 · 10-27-2018, 09:34 PM

I'm not sure how it's much if any different to say the kernel having some kind of bug that allows code execution, etc. It should also be noted that even in the first link supplied, it links a Red Hat bug report for this bug. Which says it was reported on the 2018-10-14, and was updated yesterday.

From the first link in post #1;

Quote:

Systemd creator Leonard Poettering has already published a security fix for the vulnerable component – this should be weaving its way into distros as we type.

While CentOS does use IPv6 by default (you can disable it AFAIK), the "networkd" systemd service is not installed from what yum tells me, and systemctl can't find any service by that name either. Therefore from what I can see, it's only the "networkd" systemd service, and IPv6 that's affected by this bug at this point. In which case systemd itself isn't affected by this, at this point, and on what I currently know.

Don't get me wrong; systemd to me is just another init system, I'm no hater or fan of it, but this thread does feel like something to the effect of "hahaha systemd has a serious security flaw". I don't think it's helpful to spread the idea that 1 security bug with 1 particular systemd service means that systemd itself must be full of bugs. Any piece software can have bugs in it and every piece of software at some point in time, has had bugs in it.

ChuangTzu · 10-28-2018, 12:11 PM

But that is the point, its not the only bug/security problem, its the recent one and there were many before. You can search DuckDuck as I am not going to post the links and turn it into an anti systemd thread. Fact remains the more systemd absorbs/takes on, the larger it becomes, the more risks it will have in the exact place that you do not want risks. [now back on topic].

fatmac · 10-28-2018, 01:12 PM

Quote:

Fact remains the more systemd absorbs/takes on, the larger it becomes, the more risks it will have in the exact place that you do not want risks. [now back on topic].

One of the reasons I didn't like systemd in the first place - it's too much like the Registry on that other OS.

zeebra · 10-31-2018, 07:28 AM

Quote:

Originally Posted by ChuangTzu

https://www.theregister.co.uk/2018/1...md_dhcpv6_rce/

The D in systemD stands for dumb.
Now all systems with systemD are vulnerable to anything, a nice attack vector, blobby software productions inc.

People need to start making sure init systems in GNU/Linux are compatible and work around the same standards.