CVE-2016-7796
Low
CVSS Score
Vulnerability Description
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
Known Affected Software
12 configuration(s) from 3 vendor(s)
- suse_linux_enterprise_server_for_sap, Version: 12.0, CPE: cpe:2.3:o:novell:suse_linux_enterprise_server_for_sap:12.0:*:*:*:*:*:*:*
- suse_linux_enterprise_server, Version: 12.0, CPE: cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:-:*:*:*:*:*:*
- suse_linux_enterprise_desktop, Version: 12, CPE: cpe:2.3:o:novell:suse_linux_enterprise_desktop:12:*:*:*:*:*:*:*
- suse_linux_enterprise_software_development_kit, Version: 12.0, CPE: cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:-:*:*:*:*:*:*
- enterprise_linux_workstation, Version: 7.0, CPE: cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:x64:*
- enterprise_linux_hpc_node, Version: 7.0, CPE: cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
- enterprise_linux_server, Version: 7.0, CPE: cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:x64:*
- enterprise_linux_desktop, Version: 7.0, CPE: cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:x64:*
- systemd, Version: 213, CPE: cpe:2.3:a:systemd_project:systemd:213:*:*:*:*:*:*:*
- systemd, Version: 229, CPE: cpe:2.3:a:systemd_project:systemd:229:*:*:*:*:*:*:*
- systemd, Version: 209, CPE: cpe:2.3:a:systemd_project:systemd:209:*:*:*:*:*:*:*
- systemd, Version: 214, CPE: cpe:2.3:a:systemd_project:systemd:214:*:*:*:*:*:*:*
This vulnerability affects 12 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00015.html (cve@mitre.org; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00016.html (cve@mitre.org; Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2017-0003.html (cve@mitre.org)
- http://www.openwall.com/lists/oss-security/2016/09/30/1 (cve@mitre.org; Third Party Advisory)
- http://www.securityfocus.com/bid/93250 (cve@mitre.org; Third Party Advisory)
- http://www.securitytracker.com/id/1037320 (cve@mitre.org)
- https://bugzilla.redhat.com/show_bug.cgi?id=1381911 (cve@mitre.org; Issue Tracking, Third Party Advisory, VDB Entry)
- https://github.com/systemd/systemd/issues/4234#issuecomment-250441246 (cve@mitre.org; Exploit, Patch, Vendor Advisory)
- https://rhn.redhat.com/errata/RHBA-2015-2092.html (cve@mitre.org; Third Party Advisory)
- https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet (cve@mitre.org; Exploit, Technical Description, Third Party Advisory)
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-20
Top 25 #14
Improper Input Validation
- Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- Exploit Likelihood: High
- Typical Severity: High
- Abstraction Level: Class
Key Information
- Published Date: October 13, 2016
