Fedora is an open-source distributed Linux based operating system that introduced SystemD software in 2010. SystemD is a suite of tools that initialize, manage and track system services and daemons in Fedora. SystemD keeps track during startup and when the system is running. However, prior to the introduction of SystemD, Fedora used SysVinit which is also known as System Vinit or init that is used for systems tracking.
In January 2019, it was reported in The Hacker News that multiple vulnerabilities were discovered in SystemD’s software. The vulnerabilities CVE are CVE-2018-16864, CVE-2018-16865, both memory corruptions and CVE-2018-16866, which is a data leak. All are located in the “system-journald” service. This file collects data from various sources and creates logs by logging information into the journal.
The vulnerabilities allow attackers to either “crash” the system or steal data according to Qualys, a security research company located in California. Security researchers are concerned that the vulnerabilities are described as “a monumental increase in complexity and with its viral nature, it turns into something like a ‘second kernel” that can spread all across the Linux ecosystem.” This basically means that attackers could instantly get root privileges.
According to Qualys researchers, these are the SystemD-based Linux distributions that are vulnerable.
a. Bar
b. Well
c. SUSE Linux Enterprise 15
d. Open SUSE Leap 15.0
e. Fedora 28 and 29.
Qualys did admit that “SUSE Linux Enterprise 15, openSUSE Leap 15.0 and Fedora 28 and 29 are in their words, “not exploitable because their user space is compiled with GCC’s -fstack-clash-protection.”
GCC or GNU Compiler Collection is a compiler system produced by the GNU Project that supports various program languages. A compiler acts as a language translator for various computer programming languages.
GCC’s fstack-clash-protection is basically buffer overflow protection. Qualys also states that the updates on security patches are currently pending.
Redport IA, LLC security researchers will stay vigilant and update their clients on any and all serious vulnerabilities that may occur to any Linux distributions now and in the future.

By Dr. Randall Sylvertooth

Sources:
https://fedoramagazine.org/what-is-an-init-system/
https://www.cbronline.com/news/systemd-vulnerabilities-qualys

For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter@redport_ia.

Gaithersburg, MD, USA