Systemd Vulnerability in Linux Could Trigger Remote Attacks and System Crashes (Nov 2, 2018)
A flaw in systemd on Linux operating systems that could allow for remote code execution has been discovered by a researcher from Google. The flaw is located in the systemd suite's written-from-scratch DHCPv6 client, which can be started automatically when IPv6 router advertisements are received, if IPv6 support is enabled. The vulnerability is registered as "CVE-2018-15688" and is an out-of-bounds write that can allow a threat actor to execute arbitrary code or cause a Denial-of-Service (DoS) through a heap-based buffer overflow. The caveat is that exploitation requires a threat actor to have access to a rogue DHCPv6 server on the same network as the target DHCPv6 server. The creators of systemd have released a patch for all Linux distributions that use it.
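Because the page notes that the DHCPv6 client starts automatically on router advertisements, a defender's first question is which interfaces are exposed. The following audit helper is an added example written for this note (not a systemd tool); it assumes the documented systemd.network semantics that `DHCP=yes`/`ipv6` starts the client unconditionally and that otherwise an accepted router advertisement can start it unless `IPv6AcceptRA=no` is set. The sample `.network` files are constructed.

```shell
#!/bin/sh
# Hypothetical audit helper (added example, not part of systemd).
# Reports whether a systemd-networkd .network file leaves the RA-triggered
# DHCPv6 client reachable. Assumed semantics:
#   - DHCP=yes or DHCP=ipv6 in [Network] starts the DHCPv6 client regardless of RAs
#   - otherwise an accepted Router Advertisement may start it, unless IPv6AcceptRA=no
# Output: "exposed: <reason>" or "hardened: <reason>".
dhcpv6_exposure() {
    awk '
        /^[ \t]*\[/ { sect = $0; gsub(/[ \t]/, "", sect); next }
        sect == "[Network]" && /^[ \t]*[A-Za-z0-9]+[ \t]*=/ {
            split($0, kv, "="); key = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "IPv6AcceptRA") ra = tolower(val)
            if (key == "DHCP") dhcp = tolower(val)
        }
        END {
            ra_off = (ra == "no" || ra == "false" || ra == "0" || ra == "off")
            explicit = (dhcp == "yes" || dhcp == "true" || dhcp == "1" || dhcp == "ipv6")
            if (explicit)
                print "exposed: DHCP=" dhcp " starts the DHCPv6 client unconditionally"
            else if (!ra_off)
                print "exposed: IPv6AcceptRA not disabled, a router advertisement can start the client"
            else
                print "hardened: IPv6AcceptRA=no and DHCPv6 not explicitly enabled"
        }' "$1"
}

# Constructed sample configurations for demonstration.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '[Match]\nName=en*\n\n[Network]\nDHCP=ipv4\n' > "$tmp/default.network"
printf '[Match]\nName=en*\n\n[Network]\nDHCP=ipv4\nIPv6AcceptRA=no\n' > "$tmp/hardened.network"
printf '[Match]\nName=en*\n\n[Network]\nDHCP=yes\nIPv6AcceptRA=no\n' > "$tmp/explicit.network"

for f in "$tmp"/*.network; do
    printf '%s -> %s\n' "$(basename "$f")" "$(dhcpv6_exposure "$f")"
done
```

Run it against `/etc/systemd/network/*.network` on hosts still awaiting the patch to see which interfaces should have RA-triggered DHCPv6 turned off in the meantime.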
Recommendation: As a patch has been released, it is crucial to apply the fix immediately to avoid future exploitation of this vulnerability. This story illustrates the importance of policies for applying security patches to network devices as soon as they become available. Users and administrators should reboot the routers and install the necessary update as soon as possible.