systemd Privilege Escalation Vulnerabilities

Summary

Security researchers have found vulnerabilities in systemd that allow an authenticated attacker to escalate privileges and cause a system service to crash.


Threat details

The three vulnerabilities were found in the systemd-journald service, which is responsible for collecting and storing log data. The first and second of these vulnerabilities can both be individually exploited to corrupt memory and cause systemd-journald to crash. The second vulnerability can also be exploited in combination with the third to allow an authenticated attacker to hijack systemd-journald and perform operations with root privileges.

At the time of publication there is no indication that malicious exploits have been developed for these vulnerabilities.

Update  

Proof-of-concept code that exploits these vulnerabilities has been released. It is possible that this code will be used in malicious campaigns.


Remediation steps

Patches have been developed to address these vulnerabilities and these have now been passed to the Linux distribution vendors for integration. Organisations are advised to contact their relevant suppliers and patch their affected systems as updates become available.


Last edited: 14 February 2020 2:47 pm