What is the threat?
Vulnerabilities in “systemd”, a core Linux component that manages system processes, could allow unprivileged local attackers or malicious programs to gain root access on targeted systems. The flaws reside in the “systemd-journald” service, which collects information from different sources and writes event logs to the journal. They can be exploited by malware or by a malicious authenticated user. Successful exploitation would allow the attacker to crash or hijack the systemd-journald service, elevating access from ‘user’ to ‘root’.
Why is this noteworthy?
Systemd is the system and service manager for many Linux distributions. Its wide use across many organizations makes these vulnerabilities a significant security concern.
What is the exposure or risk?
A successful attack gives the malicious actor root privileges, with which they can create user accounts, install new programs, and view, edit, or delete data. According to security researchers, many Linux distributions are vulnerable, and successful exploitation could allow attackers to take full control of the system.
What are the recommendations?
Patches are not yet available, but SKOUT recommends installing the latest security updates as soon as they are released and ensuring that all software and applications are kept up to date. Additionally, we recommend installing a strong anti-malware solution. We also recommend behavior-based detection capabilities such as Cylance for effective protection against future unknown threats.
For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our Secure Intelligence Center.