systemd DHCP Code Execution Vulnerability

A vulnerability has been disclosed in the systemd software suite used to provide application start-up and management services for Linux-based operating systems.

Threat ID:: CC-2752
Category:: Exploit
Threat Severity:: Low
Threat Vector:
Published:: 30 October 2018 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A vulnerability has been disclosed in the systemd software suite used to provide application start-up and management services for Linux-based operating systems.

Affected platforms

The following platforms are known to be affected:

Linux

Linux distributions using systemd versions 239 and earlier, including:

Red Hat Enterprise Linux
Debian
Fedora
Ubuntu
openSUSE
CentOS

Threat details

The vulnerability lies in how the systemd-networkd login management client handles malformed DHCPv6 packets. When received, the client cannot correctly track the buffer size when reconstructing the packets, resulting in a buffer overflow.

A local attacker could trigger a buffer overflow by advertising themselves as a DHCP server and sending malicious packets to an affected device. They could then exploit the buffer overflow to escalate their privileges or execute code on an affected device.

For further information:

Remediation steps

Type	Step
	The latest version of systemd has addressed this vulnerability and it has now been passed to OS vendors for integration. Organisations are encouraged to contact their relevant IT providers and patch their affected systems as updates become available.

CVE Vulnerabilities

Status

CVE-2018-15688

Last edited: 17 February 2020 12:55 pm