The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box
Distribution: Slackware/Salix while testing others
Posts: 1,718
The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box
Quote:
A security bug in Systemd can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box.
The flaw therefore puts Systemd-powered Linux computers – specifically those using systemd-networkd – at risk of remote hijacking: maliciously crafted DHCPv6 packets can try to exploit the programming cockup and arbitrarily change parts of memory in vulnerable systems, leading to potential code execution. This code could install malware, spyware, and other nasties, if successful.
Distribution: Slackware/Salix while testing others
Posts: 1,718
Original Poster
Systemd is bad parsing and should feel bad
Quote:
Systemd has a remotely exploitable bug in its DHCPv6 client. That means anybody on the local network can send you a packet and take control of your computer. The flaw is a typical buffer-overflow. Several news stories have pointed out that this client was rewritten from scratch, as if that were the moral failing, instead of reusing existing code. That's not the problem.
The problem is that it was rewritten from scratch without taking advantage of the lessons of the past. It makes the same mistakes all over again.
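An added example, not part of the thread and not systemd's code: the kind of length checking the quoted post says a DHCPv6 parser needs, shown on the protocol's option format (2-byte code, 2-byte length, value). The function name, error codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DHCPv6 option layout (RFC 8415): 2-byte code, 2-byte length, then value. */
#define OPT_HDR_LEN 4
enum { OPT_NOT_FOUND = -1, OPT_MALFORMED = -2, OPT_TOO_BIG = -3 };

/* Constructed sample: option 1 (client ID, 2 bytes), option 2 (server ID, 3 bytes). */
static const uint8_t good_opts[] = { 0,1, 0,2, 0xAA,0xBB,  0,2, 0,3, 1,2,3 };
/* Constructed sample: option 2 claims 0x0400 bytes but only 3 follow. */
static const uint8_t lying_opts[] = { 0,2, 4,0, 1,2,3 };

/* Read a big-endian 16-bit field byte by byte (no alignment assumptions). */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Copy the value of option `code` into out; returns its length or a negative error. */
int dhcp6_copy_option(const uint8_t *buf, size_t len, uint16_t code,
                      uint8_t *out, size_t out_cap)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < OPT_HDR_LEN)
            return OPT_MALFORMED;        /* header runs past the end of the packet */
        uint16_t opt_code = be16(buf + off);
        uint16_t opt_len  = be16(buf + off + 2);
        off += OPT_HDR_LEN;
        if (opt_len > len - off)
            return OPT_MALFORMED;        /* declared length exceeds bytes received */
        if (opt_code == code) {
            if (opt_len > out_cap)
                return OPT_TOO_BIG;      /* sender-chosen length must fit our buffer */
            memcpy(out, buf + off, opt_len);
            return (int)opt_len;
        }
        off += opt_len;
    }
    return OPT_NOT_FOUND;
}

int main(void)
{
    uint8_t id[8];
    printf("good:  %d\n", dhcp6_copy_option(good_opts, sizeof good_opts, 2, id, sizeof id));
    printf("lying: %d\n", dhcp6_copy_option(lying_opts, sizeof lying_opts, 2, id, sizeof id));
    return 0;
}
```

Both the source-side check (declared length against bytes actually received) and the destination-side check (length against the local buffer) are needed; dropping either one leaves a sender-controlled length in charge of a memory copy.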
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881
I'm not sure how it's much, if any, different to, say, the kernel having some kind of bug that allows code execution, etc. It should also be noted that even in the first link supplied, it links a Red Hat bug report for this bug, which says it was reported on 2018-10-14 and was updated yesterday.
From the first link in post #1:
Quote:
Systemd creator Lennart Poettering has already published a security fix for the vulnerable component – this should be weaving its way into distros as we type.
While CentOS does use IPv6 by default (you can disable it AFAIK), the "networkd" systemd service is not installed from what yum tells me, and systemctl can't find any service by that name either. Therefore from what I can see, it's only the "networkd" systemd service, and IPv6 that's affected by this bug at this point. In which case systemd itself isn't affected by this, at this point, and on what I currently know.
Don't get me wrong; systemd to me is just another init system, I'm no hater or fan of it, but this thread does feel like something to the effect of "hahaha systemd has a serious security flaw". I don't think it's helpful to spread the idea that 1 security bug with 1 particular systemd service means that systemd itself must be full of bugs. Any piece of software can have bugs in it, and every piece of software, at some point in time, has had bugs in it.
Distribution: Slackware/Salix while testing others
Posts: 1,718
Original Poster
But that is the point: it's not the only bug/security problem, it's the recent one, and there were many before. You can search DuckDuck as I am not going to post the links and turn it into an anti-systemd thread. Fact remains the more systemd absorbs/takes on, the larger it becomes, the more risks it will have in the exact place that you do not want risks. [now back on topic].
Distribution: Mainly Devuan, antiX, & Void, with Tiny Core, Fatdog, & BSD thrown in.
Posts: 5,479
Quote:
Fact remains the more systemd absorbs/takes on, the larger it becomes, the more risks it will have in the exact place that you do not want risks. [now back on topic].
One of the reasons I didn't like systemd in the first place - it's too much like the Registry on that other OS.