Linux systemd Affected by Memory Corruption Vulnerabilities, No Patches Yet
15 Jan 2019 • bleepingcomputer.comDiscovered by researchers at Qualys, the flaws are two memory corruption vulnerabilities (stack buffer overflow - CVE-2018-16864, and allocation of memory without limits - CVE-2018-16865) and one out-of-bounds error (CVE-2018-16866).
They were able to obtain local root shell on both x86 and x64 machines by exploiting CVE-2018-16865 and CVE-2018-16866. The exploit worked faster on the x86 platform, achieving its purpose in ten minutes; on x64, though, the exploit took 70 minutes to complete.
Count another “told ya so” for all the systemd haters. Not a religious issue to me personally, but I do see where they are coming from.