Welcome!
Forum users

Current releases
--MX-23 release info here
--Migration information to MX-23 here
--antiX-23.1 (Arditi del Popolo) release info here

Important information
--If in starting your system it boots to an unwanted Desktop, right click desktop, then select leave and logout. At the
login screen there is a session chooser at the top of the screen.

News
-- MX Linux on social media: here
-- New Forum Features, Marking Solved and Referencing a User: here

The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

For issues with MX that has been modified from the initial install. Example: adding packages that then cause issues.
Post Reply
Message
Author
User avatar
handy
Posts: 611
Joined: Mon Apr 23, 2018 2:00 pm

The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

#1 Post by handy »

I spotted this over on the Artix forum:

https://www.theregister.co.uk/2018/10/2 ... hcpv6_rce/
1_MSI: MAG B560 TORP', i5, RAM 16GB, GTX 1070 Ti 12GB, M2 238GB + USB, MX-23 Fb to Openbox
2_Lenovo: Ideapad 520S, i5, RAM 8GB, GPU i620, HDD 1TB, MX-21 - Openbox
3_Clevo: P150SM-A, i7, RAM 16GB, nVidia 8600, 2x 1TB HDD & M.2 256 GB, MX-21 - Openbox


skidoo
Posts: 753
Joined: Tue Sep 22, 2015 6:56 pm

Re: The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

#3 Post by skidoo »

.
v---- has been linked (not by me) in the without-systemd wiki (title of this forum topic matches the title of the linked register.co.uk article)
Image

User avatar
handy
Posts: 611
Joined: Mon Apr 23, 2018 2:00 pm

Re: The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

#4 Post by handy »

You guys are fast! :D

This vulnerability doesn't worry me personally, as I turn IPv6 off on the kernel line. I don't remember whether I've bought that how-to into the Tutorials here or not.

[edit:] I just checked & I haven't done the turn of IPv6 thing in tutorials, so I will in a bit.
1_MSI: MAG B560 TORP', i5, RAM 16GB, GTX 1070 Ti 12GB, M2 238GB + USB, MX-23 Fb to Openbox
2_Lenovo: Ideapad 520S, i5, RAM 8GB, GPU i620, HDD 1TB, MX-21 - Openbox
3_Clevo: P150SM-A, i7, RAM 16GB, nVidia 8600, 2x 1TB HDD & M.2 256 GB, MX-21 - Openbox

User avatar
fehlix
Developer
Posts: 10275
Joined: Wed Apr 11, 2018 5:09 pm

Re: The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

#5 Post by fehlix »

handy wrote: Sun Oct 28, 2018 11:02 pm This vulnerability doesn't worry me personally, as I turn IPv6 off on the kernel line. I don't remember whether I've bought that how-to into the Tutorials here or not.

[edit:] I just checked & I haven't done the turn of IPv6 thing in tutorials, so I will in a bit.
Is it : GRUB_CMDLINE_LINUX="ipv6.disable=1" ?
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

User avatar
fehlix
Developer
Posts: 10275
Joined: Wed Apr 11, 2018 5:09 pm

Re: The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

#6 Post by fehlix »

Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

User avatar
handy
Posts: 611
Joined: Mon Apr 23, 2018 2:00 pm

Re: The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

#7 Post by handy »

fehlix wrote: Tue Oct 30, 2018 8:04 pm
handy wrote: Sun Oct 28, 2018 11:02 pm This vulnerability doesn't worry me personally, as I turn IPv6 off on the kernel line. I don't remember whether I've bought that how-to into the Tutorials here or not.

[edit:] I just checked & I haven't done the turn of IPv6 thing in tutorials, so I will in a bit.
Is it : GRUB_CMDLINE_LINUX="ipv6.disable=1" ?
Yep. I have a pretty thorough how-to on it that I'll get around to putting in the tutorials section, as it makes it easier for someone doing a search to find it, & it should hopefully answer all of their questions too.
1_MSI: MAG B560 TORP', i5, RAM 16GB, GTX 1070 Ti 12GB, M2 238GB + USB, MX-23 Fb to Openbox
2_Lenovo: Ideapad 520S, i5, RAM 8GB, GPU i620, HDD 1TB, MX-21 - Openbox
3_Clevo: P150SM-A, i7, RAM 16GB, nVidia 8600, 2x 1TB HDD & M.2 256 GB, MX-21 - Openbox

turtlebay777
Posts: 254
Joined: Sat Apr 14, 2018 2:40 pm

Re: The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

#8 Post by turtlebay777 »

fehlix wrote: Tue Oct 30, 2018 8:17 pm
turtlebay777 wrote: Sun Oct 28, 2018 7:47 am Already patched on mx and antix - viewtopic.php?p=464563#p464539
Not yet:
https://security-tracker.debian.org/tra ... 2018-15688

This one was fixed is:
https://security-tracker.debian.org/tra ... 2018-14665
So Dolphin Oracle was wrong then when he said it was already patched?

User avatar
anticapitalista
Developer
Posts: 4158
Joined: Sat Jul 15, 2006 10:40 am

Re: The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

#9 Post by anticapitalista »

turtlebay777 wrote: Wed Oct 31, 2018 2:21 pm
fehlix wrote: Tue Oct 30, 2018 8:17 pm
turtlebay777 wrote: Sun Oct 28, 2018 7:47 am Already patched on mx and antix - viewtopic.php?p=464563#p464539
Not yet:
https://security-tracker.debian.org/tra ... 2018-15688

This one was fixed is:
https://security-tracker.debian.org/tra ... 2018-14665
So Dolphin Oracle was wrong then when he said it was already patched?
They are 2 different exploits.
The one d_o said was fixed (and it is) refers to xorg
This thread refers to dhcp in systemd (not fixed) and network-manager. (not fixed)
anticapitalista
Reg. linux user #395339.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - lean and mean.
https://antixlinux.com

User avatar
crazysquirrel
Posts: 100
Joined: Thu Mar 14, 2019 5:59 pm

Re: The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

#10 Post by crazysquirrel »

what if you only use ipv4?
Mx 19.2 XFCE, dual boot with XP Media Center Edition 2005, core i5, 8gb ram, WD 500GB NvMe drive (4 lanes) + other storage drives.

Post Reply

Return to “MX Modified”