Flaw in System could Crash Linux Systems

-
Researchers have discovered a critical flaw in Systemd which can be exploited by attackers to crash a Linux system.
The vulnerability (CVE-2018-15688) was discovered by security researcher Felix Wilhelm of the Google security team and said that the flaw resides in the DHCPv6 client of the open-source Systemd management suite.
“systemd-networkd contains a DHCPv6 client which is written from scratch and can be spawned automatically on managed interfaces when IPv6 router advertisement are received” said in the post published by Researchers.
The attackers can exploit the vulnerability using a malicious crafted DHCPv6 packet and change parts memory in vulnerable systems, making it vulnerable to remote code execution.
Source:Google Image

The DHCPv6 client is automatically activated if the IPv6 support is enabled and start packets arrive for processing.
A rogue DHCPv6 server on a network, or in an ISP can wake up DHCPv6 clients by sending specially crafted router advertisement messages and this can be exploited by the attacker to hijack or crash vulnerable Systemd powered Linux systems.
Red Hat Linux and Ubuntu have published security adivisory regarding the vulnerability and Lennart Poettering, creator of Systemd has also published a patch for the vulnerability for Systemd-based Linux system relying on systemd-networkd. Users are advised to update your system immediately.
“It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim’s one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim’s machine.” said in the advisorypublished Red Hat Linux.

source:https://securereading.com/flaw-in-systemd-could-crash-linux-systems/

Comments

Post a Comment

Popular posts from this blog

8 Top Technology Trends for 2019 and the Jobs They’ll Create

-
Technology is now evolving at such a rapid pace that annual predictions of trends can seem out-of-date before they even go live as a published blog post or article. As technology evolves, it enables even faster change and progress, causing the acceleration of the rate of change, until eventually it will become exponential. Technology-based careers don’t change at that same speed, but they do evolve, and the savvy IT professional recognizes that his or her role will not stay the same. The IT worker of the 21st century will constantly be learning, out of necessity if not desire. What does this mean for you? It means staying current with technology trends. And it means keeping your eyes on the future, to know which skills you’ll need to know and what types of jobs you want to be qualified to do. Here are eight technology trends you should watch for in 2019, and some of the jobs that will be created by these trends. Because the time to train yourself for one of these emerging jobs
Read more

New Google project offers Kubernetes building blocks for CI/CD

-
Image
Cloud-native technologies such as  Kubernetes  promise to be a  hedge against cloud lock-in. A new open-source project, Tekton , offers a Kubernetes-native framework for quickly building CI/CD systems that run anywhere Kubernetes runs. Plus, Tekton will work with existing CI/CD servers such as Jenkins.  The Google-led project, which has had contributions from other companies, features a shared set of building blocks for creating cloud-native CI/CD pipelines. WIth Tekton, developers can build and deploy software across multiple clouds or on-premises systems. Key capabilities of Tekton include: Source: Google Images Tekton Pipelines that run on the Kubernetes container orchestration platformand leverage containers as building blocks. Through Tekton Pipelines, developers combine containers to make complex pipelines. Kubernetes clusters are a first-class type with Tekton Pipelines. Tools for storing, managing, and securing artifacts. A results store API to provide insi
Read more

Internet of Things': How connected networks can make automation more efficient

-
Make way for the new revolutionary conglomeration of digital devices that pledges to innovate industrial production through a massive weave of all potent interconnected IPs ( Internet Protocol) – the Internet of Things or IoT. The phenomenon of Internet of Things has transformed from its origins in RFID to another that encloses all devices that are networked, both external and internal in a manufacturing operation. The massive thrust to embrace IoT in manufacturing corresponds to a recurrent trend that talks about the usage of industrial Ethernet and wireless network technologies within the automated production environment. IoT envelops intelligent sensors and machines, cloud computing, analytics, Big Data, mobility and universal visualization. The main objectives that manufacturers like to see are: improved business performance, production efficiency and asset optimization. Today, IP-enabled microprocessors connect the usual automation equipment such as input/output modules
Read more