6. Researchers find a local privilege escalation flaw in Linux systemd
Title: Linux Systemd Flaw Gives Attackers Root Access
Author info: January 24, 2017 01:51 PM By Catalin Cimpanu
//BEGIN
Security researcher Sebastian Krahmer has recently discovered that a previously known security flaw in the systemd project can be used not only to crash a Linux distro but also to grant local attackers root access to the device.
The issue was first introduced in the systemd source code in November 2015 and was patched two months later, in January 2016, affecting only systemd v228, and receiving a fix with the release of v229.
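A security researcher named Sebastian Krahmer recently found that a previously reported security flaw in the systemd project can not only crash a Linux system but also let an attacker escalate privileges locally and obtain root access.
This flaw was in fact found in the systemd source code as early as November 2015 and was fixed two months later, in January 2016. The affected systemd version is v228, and the next version, v229, contains the fix. Only recently, after analyzing the flaw closely, did the researcher discover a new way to exploit it.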
//END
Systemd is a core Linux utility that manages application processes on Linux distros. The vast majority of today's major Linux distributions use systemd as their default init system, including most Linux versions deployed on IoT devices.
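Systemd is a core application on Linux that manages application processes. Most currently released Linux distributions run systemd as their default init process at boot. It is also widely used in Internet of Things (IoT) devices.
Commentary: systemd is a kernel-level application; fortunately, privileges cannot be escalated over the network.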