
cv-announce-l - [cv-announce-l] Re: System Down Exploit


cv-announce-l@list.iu.edu

Subject: cv alerts list

  • From: Andrew K Adams <akadams@psc.edu>
  • To: cv-announce@trustedci.org
  • Cc: "Andrew K. Adams" <akadams@psc.edu>
  • Subject: [cv-announce-l] Re: System Down Exploit
  • Date: Tue, 15 Jan 2019 13:41:07 -0500

Update: CentOS 7 patches to address the multiple vulnerabilities in systemd have been released.

On Mon, Jan 14, 2019 at 10:44 AM Andrew K Adams <akadams@psc.edu> wrote:

CI Operators:


Three vulnerabilities (CVE-2018-16864, CVE-2018-16865, CVE-2018-16866) [1][2][3][4] with improper memory allocation in the systemd(1) command [5] have been reported that can allow a local user to escalate their privileges.


Impact:

The first two issues may be exploited to allow a local malicious actor to gain administrative permissions. Additionally, a malicious actor may exploit the third vulnerability to disclose process memory data.


Recommendation:

If the system has non-administrative users, patch immediately (if patches are available for your system).


Affected Software: All Linux systems with systemd(1)

* Redhat 7.x / CentOS 7.x

* Ubuntu

* Debian


Note, Redhat 6.x / CentOS 6.x and Suse 11 are *not* affected.


References:

[1] https://www.qualys.com/2019/01/09/system-down/system-down.txt

[2] https://access.redhat.com/security/cve/cve-2018-16864

[3] https://access.redhat.com/security/cve/cve-2018-16865

[4] https://access.redhat.com/security/cve/cve-2018-16866

[5] https://en.wikipedia.org/wiki/Systemd


How Trusted CI can help:

The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. Trusted CI (formerly CTSC) cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us (http://trustedci.org/help/) if you need assistance with assessing the potential impact of this vulnerability in your environment and/or you have additional information about this issue that should be shared with the community.




