Systemd is a core process and an integral part of the system design itself. Being able to cause instability at such a core level is worrisome, to say the least.
Bitcoin users who are running a Linux distribution may want to take special notice. A recently discovered vulnerability will crash nearly any Linux distro in circulation. All it takes is 48 characters of code to exploit a vulnerability in the systemd component. This process is integral to the boot process of nearly every lInux distribution in the world today.
While most “advanced’ computer users rely on Linux for their everyday needs, the operating system is not without its flaws. Granted, it is much more secure than Windows and far more customizable than MacOS. However, Linux is not the bastion of security many people believe it to be, as this new exploit goes to show.
Major Systemd Vulnerability Is Worrisome
The systemd vulnerability was discovered by Andrew Ayer, Founder of SSLMate. With one line of code, containing just 48 characters, he can crash nearly aLinuxnux distribution. Once the particular command is run on the terminal, the system will lock up. Cleanly rebooting the system is not possible either, and Linux systems will become very unstable.
To make matters even worse, the systemd flaw was introduced two years ago. Although no one expected this potential bug to cause so much havoc, it goes to show it doesn’t take much to attack Linux systems. In fact, any local user can attack a denial of service attack against system components. For networks relying on Linux distributions, hackers exploiting this code could cause significant damages.
Andrew Ayer explained what this exploit could do as follows:
“The best systemd can offer is whole application sandboxing. You can start a daemon as a non-root user, in a restricted filesystem namespace, with mandatory access control. Since sandboxing a whole application cannot protect one part of the application from a compromise of a different part, it is ineffective at securing benign-but-insecure software, which is the problem faced on servers.”
Thankfully, the bug has been patched, and an update has been released. However, if users do not update their distributions, the update will not be applied. A proactive approach regarding system and security updates is required at all times, regardless of which operating system is being used.
Bitcoin Users Need To Update ASAP
Although other Linux experts feel this vulnerability is only a “minor security flaw”, this highlights the operating system is not invulnerable. Systemd is a core process and an integral part of the system design itself. Being able to cause instability at such a core level is worrisome, to say the least. Although there are alternative developments to replace systemd, none of them seem to gain major traction where the “more standard distros” are concerned.
For Bitcoin users, this news is not overly positive either. Although most of the Linux users involved in Bitcoin will perform regular system updates, knowing that systemd can be destabilized is worrisome. At the same time, Linux remains a far more secure – albeit less convenient – operating system than any other out there.
This article originally appeared at: Threatpost
- PSA: If your PC runs Linux, you should update Sudo now
- The top 10 reasons Web sites get hacked
- How to Clear RAM Memory Cache, Buffer and Swap Space on Linux
- The NSA Worked to “Track Down” Bitcoin Users, Snowden Documents Reveal
- Supermicro Bug Could Let ‘Virtual USBs’ Take Over Corporate Servers | WIRED