
Two Linux vulnerabilities give exploiters root privileges





Linux administrators are urged to look for and install patches to fix two major vulnerabilities in the operating system.

Both were discovered by researchers at Qualys. One is a stack exhaustion denial-of-service vulnerability in systemd, described as a nearly ubiquitous utility available on major Linux operating systems. The other is a flaw in the Linux kernel filesystem layer that could allow unprivileged users to gain root privileges.

Systemd vulnerability
"Any unintended user can exploit this vulnerability to crash the system and therefore the entire operating system (a kernel panic)," the company said in a blog. Systemd is a software suite included in most Linux-based OSes that provides an array of system components, including a system and service manager that runs as PID 1 and starts the rest of the system.

The vulnerability dates back to April 2015, when it was introduced in a version added to the operating system.

Red Hat and Ubuntu have released patches for their Linux distributions.

File system fault
Separately, Linux administrators have been warned to look for patches to fix a vulnerability in the filesystem layer of the Linux kernel that could allow any unprivileged user to gain root privileges on a vulnerable host. It is said to affect most Linux operating systems.

Under certain circumstances, if a non-privileged local attacker creates, mounts, and deletes a deep directory structure whose total path length exceeds 1GB, they can gain full root privileges. Qualys has shown that it works on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11 and Fedora 34 workstations.

Red Hat released a patch on July 13.

Given the breadth of the attack surface for both of these vulnerabilities, Qualys recommends that users apply the patches for them immediately.
