Researchers have discovered a critical flaw in Systemd which can be exploited by attackers to crash a Linux system.
The vulnerability (CVE-2018-15688) was discovered by security researcher Felix Wilhelm of the Google security team, who said that the flaw resides in the DHCPv6 client of the open-source Systemd management suite.
“systemd-networkd contains a DHCPv6 client which is written from scratch and can be spawned automatically on managed interfaces when IPv6 router advertisement are received,” the researchers said in their published post.
Attackers can exploit the vulnerability with a maliciously crafted DHCPv6 packet that changes parts of memory on vulnerable systems, exposing them to remote code execution.
The DHCPv6 client is activated automatically when IPv6 support is enabled and start packets arrive for processing.
A rogue DHCPv6 server on a network, or in an ISP, can wake up DHCPv6 clients by sending specially crafted router advertisement messages, and an attacker can exploit this to hijack or crash vulnerable Systemd-powered Linux systems.
Red Hat Linux and Ubuntu have published security advisories regarding the vulnerability, and Lennart Poettering, creator of Systemd, has also published a patch for Systemd-based Linux systems relying on systemd-networkd. Users are advised to update their systems immediately.
“It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim’s one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim’s machine,” the advisory published by Red Hat Linux said.
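The bug class the advisory describes (remaining-buffer bookkeeping that underflows while a packet is being built) is shown below as an added example; it is not systemd's code, and the names `remaining_unchecked`, `option_append` and `demo` are hypothetical. It assumes only the standard DHCPv6 option layout of a 2-byte code and a 2-byte length ahead of the data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OPT_HDR 4 /* DHCPv6 option header: 2-byte code + 2-byte length */

/* Unchecked bookkeeping: size_t is unsigned, so subtracting more than is
 * left wraps to a huge "remaining" value instead of going negative. Every
 * later bounds check against that value then passes. */
size_t remaining_unchecked(size_t buflen, size_t optlen)
{
    return buflen - (OPT_HDR + optlen);
}

/* Hardened appender (hypothetical helper): verify that header AND payload
 * fit before writing anything, without computing a value that can wrap. */
int option_append(uint8_t **buf, size_t *buflen, uint16_t code,
                  const void *data, size_t optlen)
{
    if (!buf || !*buf || !buflen || (optlen && !data))
        return -1;
    if (optlen > UINT16_MAX)
        return -1; /* length field is only 16 bits wide */
    if (*buflen < OPT_HDR || *buflen - OPT_HDR < optlen)
        return -1; /* would not fit: refuse, leave state untouched */

    (*buf)[0] = (uint8_t)(code >> 8);
    (*buf)[1] = (uint8_t)(code & 0xff);
    (*buf)[2] = (uint8_t)(optlen >> 8);
    (*buf)[3] = (uint8_t)(optlen & 0xff);
    if (optlen)
        memcpy(*buf + OPT_HDR, data, optlen);
    *buf += OPT_HDR + optlen;
    *buflen -= OPT_HDR + optlen;
    return 0;
}

/* Constructed sample: a 16-byte packet buffer, then two options. */
int demo(void)
{
    uint8_t pkt[16], payload[10] = {0};
    uint8_t *p = pkt;
    size_t left = sizeof pkt;
    int first = option_append(&p, &left, 1, payload, 10); /* uses 14 bytes */
    int second = option_append(&p, &left, 2, payload, 8); /* needs 12 > 2 */
    return first == 0 && second == -1 && left == 2;
}

int main(void) { return demo() ? 0 : 1; }
```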