A new Linux exploit has been found for Linux machines. This involves the FUSE filesystem framework and can crash Systemd after executing a program as a normal user. This is CVE-2021-33910, Denial of service (stack exhaustion) in Systemd (PID
1). More information about this exploit may be found here: https://www.openwall.com/lists/oss-security/2021/07/20/2. A sample program proof of concept is here: https://www.openwall.com/lists/oss-security/2021/07/20/1/1. This will take down an entire Linux system as the whole thing is using Systemd nowadays. But this should be fully patched very soon as long as you keep installing updates.
I am running the sample program to try and run this exploit, but it is taking a very long time.
Firstly, I created this folder under /tmp.
┌──[jason@192.168.1.2]─[~/Documents] └──╼ ╼ $ mkdir -m 0700 -p /tmp/hello/world |
Now I am running the sample proof of concept. Compile by running gcc crasher.c -o testing.
┌──[jason@192.168.1.2]─[~/Documents] └──╼ ╼ $ ./a.out /tmp/hello/world/ creating directories, please wait... |
It is creating countless nested directories that look like this.
drwx------ 3 jason jason 4.0K Jul 22 09:04 '\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' |
I will wait and see how this turns out on Ubuntu 20.04.