rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

Module request - CVE-2018-15688 #10883

Closed sempervictus closed 1 year ago

sempervictus commented 6 years ago

Shellshocking via DHCP options was fun, looks like the systemd DHCP6 client can be abused via buffer overflow (much less generic than a delightful command injection). Under Arch, it seems to run as the systemd-networkd user, CentOS7 machine is using /etc/rc.d/init.d/network still, Ubuntu 18.04 has netplan/systemd, so that might be a viable target to aim for...

wvu commented 6 years ago

Mitigations are?

sempervictus commented 6 years ago

An up-to-date systemd.

wvu commented 6 years ago

Memory protections, I mean.

sempervictus commented 6 years ago

That'll depend on distro, and whether or not folks are building their own/using non-upstream bins. I haven't had any time to dig into this, write up a PoC, etc. Sort of threw it up in the hopes that some enterprising sploit writer like yourself might find it interesting enough to do a feasibility and impact assessment. Arch is my flavor these days, all on systemd, so I should have some viable testbeds to mess with later on.

bcoles commented 5 years ago

CVE-2018-15688

References

Mitigations

github-actions[bot] commented 1 year ago

Thanks for your contribution to Metasploit Framework! We've looked at this issue, and unfortunately we do not currently have the bandwidth to prioritize this issue.

We've labeled this as attic and closed it for now. If you believe this issue has been closed in error, or that it should be prioritized, please comment with additional information.