
Systemd and Ubuntu Address Multiple Linux Vulnerabilities


Just a few days ago, a new systemd vulnerability was discovered in Linux by Andrew Ayer, Linux administrator and founder of the certificate company SSLMate. As reported, the bug has the potential to kill a number of critical commands while making others unstable, just by running the following short command:

NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""

The researcher also explained that “the bug is serious, as it allows any local user to trivially perform a denial-of-service attack against a critical system component”.

Serious Deficiencies in systemd’s Architecture

Initially, the researcher thought the flaw was of low severity, but he later changed his mind. The vulnerability can be quite dangerous as it highlights serious deficiencies in systemd’s architecture, Ayer told SCMagazine in an email.

What is systemd? systemd is an init system used in most Linux distributions to bootstrap the user space and manage all processes subsequently, instead of the UNIX System V or Berkeley Software Distribution (BSD) init systems. The name systemd adheres to the Unix convention of naming daemons by appending the letter d. (via Wikipedia)


According to the expert, the vulnerability shouldn’t be neglected, mainly because systemd replaces an increasing number of components of the Linux OS.

At this point, Ayer’s advice for Linux admins is to make sure that automatic security updates are enabled so that the fix is received in a timely manner. In the future, he suggests that Linux users start avoiding systemd’s non-standard features and wait for a better replacement, even though it’s not clear yet what that replacement might be.

Canonical Also Addresses Flaws in Linux Kernel

Canonical has separately announced a series of fixes for previously unknown Linux kernel vulnerabilities. The flaws affect the Ubuntu OS.

The flaws included an unbounded recursion in the Linux kernel’s VLAN and TEB Generic Receive Offload (GRO) processing implementation, KDE-PIM Libraries incorrectly filtering URLs, Systemd improperly handling zero-length notification messages, a use-after-free condition in the Linux kernel’s TCP retransmit queue handling code, a race condition in the Linux kernel’s s390 SCLP console driver, and more.
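
The systemd item in this list is a receiver that mishandles a zero-length message on its notification socket. The C example below is added here and is not systemd's code or code from the advisory: it shows a datagram receiver that accepts an empty message as ordinary input and keeps running. The names `handle_notify` and `demo`, the result codes, the sample payloads and the newline-separated KEY=VALUE payload format are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum notify_result { NOTIFY_ERROR = -1, NOTIFY_EMPTY, NOTIFY_READY, NOTIFY_OTHER };

/* Read one datagram and classify it. recv() returning 0 is a normal outcome
 * on a datagram socket, so an empty message is dropped and the receiver
 * keeps running. */
static enum notify_result handle_notify(int fd)
{
    char buf[4096];
    ssize_t n = recv(fd, buf, sizeof(buf) - 1, 0);

    if (n < 0)
        return NOTIFY_ERROR;   /* real I/O error: the caller decides */
    if (n == 0)
        return NOTIFY_EMPTY;   /* zero-length message: ignore and carry on */

    buf[n] = '\0';
    /* Assumed payload format: newline-separated KEY=VALUE assignments. */
    for (char *line = strtok(buf, "\n"); line; line = strtok(NULL, "\n"))
        if (strcmp(line, "READY=1") == 0)
            return NOTIFY_READY;
    return NOTIFY_OTHER;
}

/* Constructed demo: send payload over a local datagram socketpair and
 * return how the receiver classified it. */
static enum notify_result demo(const char *payload)
{
    int sv[2];
    enum notify_result r = NOTIFY_ERROR;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return NOTIFY_ERROR;
    if (send(sv[0], payload, strlen(payload), 0) >= 0)
        r = handle_notify(sv[1]);
    close(sv[0]);
    close(sv[1]);
    return r;
}

int main(void)
{
    printf("empty=%d ready=%d other=%d\n",
           demo(""), demo("STATUS=up\nREADY=1"), demo("STATUS=up"));
    return 0;
}
```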


In case the vulnerabilities are left unpatched, a remote attacker could crash the system or retrieve sensitive information. Considering the various bad outcomes, Ubuntu users should apply the patches as soon as possible.

Here’s a list of vulnerabilities in a single advisory, USN-3095-1: PHP vulnerabilities:

CVE-2016-7124 CVE-2016-7125 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7133 CVE-2016-7134 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418

Milena Dimitrova
