CVE-2016-7795

Source
Severity High
Remote No
Type Denial of service
Description
systemd fails an assertion in manager_invoke_notify_message when a zero-length message is received over its notification socket. After failing the assertion, PID 1 hangs in the pause system call. It is no longer possible to start and stop daemons or cleanly reboot the system. Inetd-style services managed by systemd no longer accept connections.
Since the notification socket, /run/systemd/notify, is world-writable, this allows a local user to perform a denial-of-service attack against systemd.
Proof-of-concept:
    NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""
Group Package Affected Fixed Severity Status Ticket
AVG-38 systemd 231-1 231-2 High Fixed FS#51035
Date Advisory Group Package Severity Description
04 Oct 2016 ASA-201610-2 AVG-38 systemd High denial of service
References
http://www.openwall.com/lists/oss-security/2016/09/28/9
https://github.com/systemd/systemd/issues/4234
Notes
This vulnerability is present in all versions of systemd since at least v209.