| Description |
| + |
systemd fails an assertion in manager_invoke_notify_message when a zero-length message is received over its notification socket. After failing the assertion, PID 1 hangs in the pause system call. It is no longer possible to start and stop daemons or cleanly reboot the system. Inetd-style services managed by systemd no longer accept connections. |
| + |
Since the notification socket, /run/systemd/notify, is world-writable, this allows a local user to perform a denial-of-service attack against systemd. |
| + |
Proof-of-concept: |
| + |
NOTIFY_SOCKET=/run/systemd/notify systemd-notify "" |
|