Security researchers have discovered three vulnerabilities in Systemd, a popular init system and service manager for most Linux operating systems, that could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems.
The vulnerabilities, assigned as CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866, actually resides in the “systemd-journald” service that collects information from different sources and creates event logs by logging information in the journal.
The vulnerabilities, which were discovered and reported by security researchers at Qualys, affect all systemd-based Linux distributions, including Redhat and Debian, according to the researchers.
The first two flaws are memory corruptions issues, while the third one is an out-of-bounds read issue in systemd-journald that can leak sensitive process memory data.
If you are using a vulnerable Linux system, keep tabs on the latest updates by your respective Linux distribution and install the patches as soon as they are released.
Source: theHackernews
Sign up our newsletter for update information, insight and promotion.
