Researchers have discovered Vulnerability-related.DiscoverVulnerability some serious security flaws threatening Linux . These vulnerabilities exist in Vulnerability-related.DiscoverVulnerability Linux systemd component . According to the researchers , the vulnerabilities pose a risk to all systemd-based Linux distros . Allegedly , researchers at Qualys have disclosed Vulnerability-related.DiscoverVulnerability some bugs targeting the Linux systemd component . Systemd provides the core building blocks for Linux and handles major processes after booting . As revealed Vulnerability-related.DiscoverVulnerability , three vulnerabilities have targeted the systemd-journald , which is responsible for data collection and log storage . The vulnerabilities let an attacker gain root privileges on the target device . The researchers state Vulnerability-related.DiscoverVulnerability that these vulnerabilities threaten all Linux distros based on systemd except a few . As stated in their report , “ To the best of our knowledge , all systemd-based Linux distributions are vulnerable Vulnerability-related.DiscoverVulnerability , but SUSE Linux Enterprise 15 , openSUSE Leap 15.0 , and Fedora 28 and 29 are not exploitable because their user space is compiled with GCC ’ s -fstack-clash-protection. ” The three bugs include two different memory corruption flaws ( CVE-2018-16864 and CVE-2018-16865 ) , and an out-of-bounds flaw ( CVE-2018-16866 ) . At first , the researchers accidentally discovered Vulnerability-related.DiscoverVulnerability CVE-2018-16864 while working on an exploit for a previously disclosed vulnerability , Mutagen Astronomy . Then , when they were busy on its PoC , they spotted Vulnerability-related.DiscoverVulnerability the other two bugs . “ We developed Vulnerability-related.DiscoverVulnerability a proof of concept for CVE-2018-16864 that gains eip control on i386… We developed Vulnerability-related.DiscoverVulnerability an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on amd64 , on average. ” Interestingly , the bugs had been around for quite a few years . For now , Red Hat has patched Vulnerability-related.PatchVulnerability the bugs CVE-2018-16864 and CVE-2018-16865 . Whereas , Debian has fixed Vulnerability-related.PatchVulnerability CVE-2018-16866 in the unstable systemd 240-1 release . Other distros will also supposedly release Vulnerability-related.PatchVulnerability the fixes soon . In November 2018 , a Google researcher also highlighted Vulnerability-related.DiscoverVulnerability a critical flaw in Systemd that induced system crashes and hacks .

Researchers from security firm ERPScan have disclosed Vulnerability-related.DiscoverVulnerability a vulnerability in the SAP GUI application which it has described as Vulnerability-related.DiscoverVulnerability perhaps the most dangerous SAP issue since 2011 , as it affects not only every SAP customer but also every user . The vulnerability allows an attacker to make all endpoints with compromised SAP GUI clients automatically install malware that locks their computers when an SAP user logs in to the system . When the user next logs into the SAP GUI application , the malicious software will run and prevent them from logging on to SAP Server . Firstly , in this case , patching process is especially laborious and time-consuming , as the vulnerability affects Vulnerability-related.DiscoverVulnerability client side , so an SAP administrator has to apply Vulnerability-related.PatchVulnerability the patch on every endpoint with SAP GUI in a company and a typical enterprise has thousands of them , ” said Vulnerability-related.DiscoverVulnerability Vahagn Vardanyan , senior security researcher , ERPScan . The vulnerability was patched Vulnerability-related.PatchVulnerability by SAP with a fix as part of its March Security Note 2407616 . An SAP spokesperson confirmed that a SAP GUI vulnerability was fixed Vulnerability-related.PatchVulnerability in the March Patch Day , with further details available via this blog post . “ It has a priority of High , based on CVSS rating of 8.0 ( but not Very High ) . We have no information or evidence of this vulnerability being exploited Vulnerability-related.DiscoverVulnerability at a customer but advise all customers to patch Vulnerability-related.PatchVulnerability their infrastructure immediately . Customers are required to apply Vulnerability-related.PatchVulnerability the SAP GUI patch released Vulnerability-related.PatchVulnerability on their landscape using their standard client software distribution and update tools ( which they would have in place for end-user software licensed from other vendors as well ) , ” the spokesperson said . Pingback : SAP GUI vulnerability “ most dangerous ” since 201