Linux is supposed to the most secure operating system in the world with very few flaws but a security researcher has discovered that a single command line is enough to crash the popular Systemd feature in Linux.
System administrator Andrew Ayer has discovered a potentially critical bug in systemd which can bring a vulnerable Linux server to its knees with a single command line.”After running this command, PID 1 is hung in the pause system call. You can no longer start and stop daemons.
According to the bug report, Debian, Ubuntu, and CentOS are among the distros susceptible to various levels of resource exhaustion. The bug, which has existed for more than two years, does not require root access to exploit.
Ayer says that if a potential hacker runs this command, PID 1 is hung in the pause system call. As a result, you can no longer start and stop daemons while the Linux inetd-style services no longer accept connections. The vulnerability is so critical that you cannot cleanly reboot the system. The system feels generally unstable (e.g. ssh and su hang for 30 seconds since systemd is now integrated with the login system). All of this can be caused by a command that’s short enough to fit in a Tweet.-
Source: http://www.techworm.net/2016/10/can-crash-linux-systemd-single-tweet.html
Submitted by: Arnfried Walbrecht
Comments are closed.