[sf-lug] Verifiably critical systemd vulnerability anyone?
Bobbie Sellers
bliss-sf4ever at dslextreme.com
Tue Jul 20 16:37:49 PDT 2021
Thanks Aaron,
I am sure that this is much appreciated by the systemd users.
On 7/20/21 3:34 PM, aaronco36 wrote:
> FYI, am using a non-systemd-init Linux distro at the moment.
>
> Quoting OpenCVE's earlier 'CVE-2021-33910' webpage at
> https://www.opencve.io/cve/CVE-2021-33910 :
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> basic/unit-name.c in systemd 220 through 248 has a Memory Allocation
> with an Excessive Size Value (involving strdupa and alloca for a
> pathname controlled by a local attacker) that results in an operating
> system crash.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> More extensively quoting Steven J. Vaughan-Nichols' more explanatory
> ZDNet article 'Nasty Linux systemd security bug revealed' at
> https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/ :
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Qualys has found an ugly Linux systemd security hole that can enable
> any unprivileged user to crash a Linux system. The patch is available,
> and you should deploy it as soon as possible.
>
> Systemd[1], the Linux system and service manager that has largely
> replaced init[2] as the master Linux startup and control program, has
> always had its critics. Now, with Qualys's[3] discovery of a new
> systemd security bug[4], systemd will have fewer friends. Successful
> exploitation of this newest vulnerability enables any unprivileged
> user to cause a denial of service via a kernel panic.
>
> In a phrase, "that's bad, that's really bad."
>
> As Bharat Jogi, Qualys's senior manager of Vulnerabilities and
> Signatures, wrote, "Given the breadth of the attack surface for this
> vulnerability, Qualys recommends users apply patches for this
> vulnerability immediately." You can say that again.
>
> Systemd is used in almost all modern Linux distributions. This
> particular security hole arrived in the systemd code in April 2015.
>
> It works by enabling attackers to misuse the alloca() function in a
> way that would result in memory corruption. This, in turn, allows a
> hacker to crash systemd and hence the entire operating system.
> Practically speaking, this can be done by a local attacker mounting a
> filesystem on a very long path[5]. This causes too much memory space
> to be used in the systemd stack, which results in a system crash.
>
> That's the bad news. The good news is that Red Hat Product Security[6]
> and systemd's developers have immediately patched the hole.
>
> There's no way to remedy this problem. While it's not present in all
> current Linux distros, you'll find it in most distros such as the
> Debian 10 (Buster)[7] and its relatives like Ubuntu[8] and Mint[9].
> Therefore, you must, if you value keeping your computers working,
> patch your version of systemd as soon as possible. You'll be glad you
> did.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> -Aaron
>
>
> ============================================
> Numbered, Internally-linked References
> ============================================
> [1]https://www.freedesktop.org/wiki/Software/systemd/
> [2]https://www.lifewire.com/how-to-use-the-init-command-in-linux-4066930
> [3]https://www.qualys.com/
> [4]https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/cve-2021-33910-denial-of-service-stack-exhaustion-in-systemd-pid-1
>
> [5]https://access.redhat.com/security/cve/cve-2021-33910
> [6]https://access.redhat.com/security
> [7]https://www.debian.org/releases/buster/
> [8]https://ubuntu.com/
> [9]https://linuxmint.com/
> ============================================
>
> aaronco36 at sdf.org
>
>
> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
> SF-LUG is at http://www.sf-lug.org/
bliss - 'Nearly any fool can use a Linux computer. Many do.' After all
here I am...
a big fool but not a big enough fool to use systemd.