Security researcher Sebastian Krahmer has recently discovered that a previously known security flaw in the systemd project can be used not only to crash a Linux distro but also to grant local attackers root access to the device.
The issue was introduced in the systemd source code in November 2015 and patched two months later, in January 2016. It affects only systemd v228 and was fixed with the release of v229.
Initially, the bug was categorized as a lowly Denial-of-Service (DoS) issue that, in the worst-case scenario, could make Linux distros crash and reboot.
After taking a second, closer look at the issue, Krahmer revealed today that he discovered a way to manipulate the same vulnerable systemd functions to escalate an attacker’s privileges to root level.
“systemd creates world writable suid files that allows attackers to dump binaries into it and execute code as root,” the researcher wrote last week on the OpenSUSE bug portal.
Krahmer says that there’s proof-of-concept code lying around the web that could be very easily edited to target this flaw, now tracked as CVE-2016-10156.
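A defender's check for the condition Krahmer describes, added here as an example that is not from the article or the systemd project: it walks a directory tree and lists regular files that are both set-uid or set-gid and world-writable. The function names and the default scan root are assumptions.

```python
import os
import stat
import sys


def is_writable_setid(mode):
    """True for a regular file that is set-uid or set-gid AND world-writable."""
    return (stat.S_ISREG(mode)
            and bool(mode & (stat.S_ISUID | stat.S_ISGID))
            and bool(mode & stat.S_IWOTH))


def scan(root):
    """Walk root without following symlinks; return sorted (path, mode, uid)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # judge the entry itself, not a link target
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if is_writable_setid(st.st_mode):
                findings.append((path, stat.S_IMODE(st.st_mode), st.st_uid))
    return sorted(findings)


def report(root):
    """Format findings, marking root-owned files, which are the serious case."""
    lines = []
    for path, mode, uid in scan(root):
        owner = "root-owned" if uid == 0 else "uid %d" % uid
        lines.append("%s mode=%04o %s" % (path, mode, owner))
    return lines


if __name__ == "__main__":
    # Scan root is an assumption: pass a directory, or the whole filesystem is walked.
    for line in report(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(line)
```

Any root-owned file it reports on a machine that ran systemd v228 should be removed or have its mode corrected after upgrading to v229 or later.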
Submitted by: Arnfried Walbrecht