A security bug in Systemd can be exploited Vulnerability-related.DiscoverVulnerability over the network to , at best , potentially crash a vulnerable Linux machine , or , at worst , execute malicious code on the box . The flaw therefore puts Systemd-powered Linux computers – specifically those using systemd-networkd – at risk of remote hijacking : maliciously crafted DHCPv6 packets can try to exploit the programming cockup and arbitrarily change parts of memory in vulnerable systems , leading to potential code execution . This code could install malware , spyware , and other nasties , if successful . The vulnerability – which was made public Vulnerability-related.DiscoverVulnerability this week – sits within the written-from-scratch DHCPv6 client of the open-source Systemd management suite , which is built into various flavors of Linux . This client is activated automatically if IPv6 support is enabled , and relevant packets arrive for processing . Thus , a rogue DHCPv6 server on a network , or in an ISP , could emit specially crafted router advertisement messages that wake up these clients , exploit the bug , and possibly hijack or crash vulnerable Systemd-powered Linux machines . Here 's the Red Hat Linux summary : systemd-networkd is vulnerable Vulnerability-related.DiscoverVulnerability to an out-of-bounds heap write in the DHCPv6 client when handling options sent by network adjacent DHCP servers . A attacker could exploit this via malicious DHCP server to corrupt heap memory on client machines , resulting in a denial of service or potential code execution . Felix Wilhelm , of the Google Security team , was credited with discovering Vulnerability-related.DiscoverVulnerability the flaw , designated CVE-2018-15688 . Wilhelm found that a specially crafted DHCPv6 network packet could trigger `` a very powerful and largely controlled out-of-bounds heap write , '' which could be used by a remote hacker to inject and execute code . `` The overflow can be triggered relatively easy by advertising a DHCPv6 server with a server-id > = 493 characters long , '' Wilhelm noted . In addition to Ubuntu and Red Hat Enterprise Linux , Systemd has been adopted as a service manager for Debian , Fedora , CoreOS , Mint , and SUSE Linux Enterprise Server . We 're told RHEL 7 , at least , does not use the vulnerable component by default . Systemd creator Lennart Poettering has already published Vulnerability-related.PatchVulnerability a security fix for the vulnerable component – this should be weaving its way into distros as we type . If you run a Systemd-based Linux system , and rely on systemd-networkd , update Vulnerability-related.PatchVulnerability your operating system as soon as you can to pick up the fix when available Vulnerability-related.PatchVulnerability and as necessary . The bug will come as another argument against Systemd as the Linux management tool continues to fight for the hearts and minds of admins and developers alike . Though a number of major admins have in recent years adopted and championed it as the replacement for the old Init era , others within the Linux world seem to still be less than impressed with Systemd and Poettering 's occasionally controversial management of the tool .