[arch-security] [ASA-201610-2] systemd: denial of service
Arch Linux Security Advisory ASA-201610-2 ========================================= Severity: High Date : 2016-10-04 CVE-ID : CVE-2016-7795 Package : systemd Type : denial of service Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package systemd before version 231-2 is vulnerable to denial of service. Resolution ========== Upgrade to 231-2. # pacman -Syu "systemd>=231-2" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== systemd fails an assertion in manager_invoke_notify_message when a zero-length message is received over its notification socket. After failing the assertion, PID 1 hangs in the pause system call. It is no longer possible to start and stop daemons or cleanly reboot the system. Inetd-style services managed by systemd no longer accept connections. Since the notification socket, /run/systemd/notify, is world-writable, this allows a local user to perform a denial-of-service attack against systemd. Proof-of-concept: NOTIFY_SOCKET=/run/systemd/notify systemd-notify "" Impact ====== A local attacker is able to perform a denial of service attack by obstructing start/stop of any daemons and clean reboot of the system. References ========== https://github.com/systemd/systemd/issues/4234 http://www.openwall.com/lists/oss-security/2016/09/28/9 https://access.redhat.com/security/cve/CVE-2016-7795
participants (1)
-
Levente Polyak