From TFA (the friendly article) at https://www.openwall.com/lists/oss-security/2019/01/09/3:
We discovered three vulnerabilities in systemd-journald (https://en.wikipedia.org/wiki/Systemd):
- CVE-2018-16864 and CVE-2018-16865, two memory corruptions (attacker-controlled alloca()s);
- CVE-2018-16866, an information leak (an out-of-bounds read).
CVE-2018-16864 was introduced in April 2013 (systemd v203) and became exploitable in February 2016 (systemd v230). We developed a proof of concept for CVE-2018-16864 that gains eip control on i386.
CVE-2018-16865 was introduced in December 2011 (systemd v38) and became exploitable in April 2013 (systemd v201). CVE-2018-16866 was introduced in June 2015 (systemd v221) and was inadvertently fixed in August 2018.
We developed an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on amd64, on average. We will publish our exploit in the near future.
To the best of our knowledge, all systemd-based Linux distributions are vulnerable, but SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29 are not exploitable because their user space is compiled with GCC's -fstack-clash-protection.
This confirms https://grsecurity.net/an_ancient_kernel_hole_is_not_closed.php: "It should be clear that kernel-only attempts to solve [the Stack Clash] will necessarily always be incomplete, as the real issue lies in the lack of stack probing."
The article goes on with more detailed information on exploits.
<sarcasm>It's a good thing that systemd does not affect very many systems and no systems running anything important.</sarcasm>
(Score: 5, Insightful) by digitalaudiorock on Friday January 11 2019, @02:24PM
Never mind that these bugs are in their shit-for-brains systemd-journald and binary logging. None of that should have ever happened, and nobody with any sense wanted it. But yea...it's all good...as long as sysadmins whose companies fell for RHEL 7 start treating it the way they've treated Windows Server...which is about where this has gone. Good luck with all that. No systemd in my home or my company, and never will be...thank God.