cv-announce-l@list.iu.edu
Subject: cv alerts list
- From: Andrew K Adams <akadams@psc.edu>
- To: cv-announce@trustedci.org
- Cc: "Andrew K. Adams" <akadams@psc.edu>
- Subject: [cv-announce-l] Re: System Down Exploit
- Date: Tue, 15 Jan 2019 13:41:07 -0500
CI Operators:
Three vulnerabilities (CVE-2018-16864, CVE-2018-16865, CVE-2018-16866) [1][2][3][4] with improper memory allocation in the systemd(1) command [5] have been reported that can allow a local user to escalate their privileges.
Impact:
The first two issues may be exploited to allow a local malicious actor to gain administrative permissions. Additionally, a malicious actor may exploit the third vulnerability to disclose process memory data.
Recommendation:
If the system has non-administrative users, patch immediately (if patches are available for your system).
Affected Software: All Linux systems with systemd(1)
* Red Hat 7.x / CentOS 7.x
* Ubuntu
* Debian
Note: Red Hat 6.x / CentOS 6.x and SUSE 11 are *not* affected.
References:
[1] https://www.qualys.com/2019/01/09/system-down/system-down.txt
[2] https://access.redhat.com/security/cve/cve-2018-16864
[3] https://access.redhat.com/security/cve/cve-2018-16865
[4] https://access.redhat.com/security/cve/cve-2018-16866
[5] https://en.wikipedia.org/wiki/Systemd
How Trusted CI can help:
The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. Trusted CI (formerly CTSC) cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us (http://trustedci.org/help/) if you need assistance with assessing the potential impact of this vulnerability in your environment and/or you have additional information about this issue that should be shared with the community.
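The recommendation above hinges on two host facts: whether systemd is the running init and whether any non-administrative account can log in. The following triage sketch is an added example, not part of the advisory; the UID threshold of 1000, the function names and the verdict strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added triage sketch, not part of the advisory.
# Assumptions: UID >= 1000 marks a regular account (the usual UID_MIN default),
# and the verdict strings below are labels invented for this example.

# Print accounts that can log in interactively and are not system accounts.
list_login_users() {   # usage: list_login_users PASSWD_FILE|- [UID_MIN]
    awk -F: -v min="${2:-1000}" '
        /^#/ || NF < 7            { next }   # comment or malformed entry
        $3 !~ /^[0-9]+$/          { next }   # non-numeric UID
        $3 + 0 < min              { next }   # root and system accounts
        $3 + 0 == 65534           { next }   # nobody / overflow UID
        $7 ~ /\/(nologin|false)$/ { next }   # no interactive shell
        { print $1 }                         # empty shell field means /bin/sh
    ' "$1"
}

# systemd is the running init when /run/systemd/system exists (see sd_booted(3)).
runs_systemd() {       # usage: runs_systemd [ROOT_PREFIX]
    [ -d "${1:-}/run/systemd/system" ]
}

# Map the advisory's rule onto one host.
triage() {             # usage: triage ROOT_PREFIX PASSWD_FILE
    if ! runs_systemd "$1"; then
        echo "not-systemd"
    elif [ -n "$(list_login_users "$2")" ]; then
        echo "patch-immediately"
    else
        echo "patch-routine"
    fi
}

# Constructed sample passwd content (not from a real host).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:sshd:/var/empty/sshd:/sbin/nologin
nobody:x:65534:65534:nobody:/:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_backup:x:1001:1001::/srv/backup:/usr/sbin/nologin
bob:x:1002:1002::/home/bob:
EOF
}

# Demo on the constructed sample: prints alice and bob.
sample_passwd | list_login_users -
```

On a live host, `triage "" /etc/passwd` gives the verdict for that machine; accounts served from LDAP or SSSD do not appear in `/etc/passwd` and need a separate check.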