CVE-2016-7795 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Denial of service
Description	systemd fails an assertion in manager_invoke_notify_message when a zero-length message is received over its notification socket. After failing the assertion, PID 1 hangs in the pause system call. It is no longer possible to start and stop daemons or cleanly reboot the system. Inetd-style services managed by systemd no longer accept connections. Since the notification socket, /run/systemd/notify, is world-writable, this allows a local user to perform a denial-of-service attack against systemd. Proof-of-concept: NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-38	systemd	231-1	231-2	High	Fixed	FS#51035

Date	Advisory	Group	Package	Severity	Type
04 Oct 2016	ASA-201610-2	AVG-38	systemd	High	denial of service

References
http://www.openwall.com/lists/oss-security/2016/09/28/9 https://github.com/systemd/systemd/issues/4234

Notes
This vulnerability is present in all versions of systemd since at least v209.