Security researchers have recently revealed a vulnerability in Systemd, a core component of the Linux system, that exploits root privileges and steals confidential information.
Including memory corruptions CVE-2018-16864 and CVE-2018-16865 and an information leak CVE-2018-16866. At present, the vulnerability is only submitted but the POC has not been published. The researchers said that the POC will be published for analysis.
The researchers write, “we developed an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on amd64, on average.” These vulnerabilities affect all systemd-based Linux distributions, including Redhat and Debian. However, SUSE Linux Enterprise 15/openSUSE Leap 15 and Fedora 28/29 are not affected by this vulnerability.