
List:       oss-security
Subject:    [oss-security] Re: CVE Request: systemd v209+: local denial-of-service attack
From:       cve-assign () mitre ! org
Date:       2016-09-30 6:52:02
Message-ID: 20160930065202.8889413A978 () smtpvmsrv1 ! mitre ! org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://github.com/systemd/systemd/issues/4234
> https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet

> systemd fails an assertion in manager_invoke_notify_message when
> a zero-length message is received over its notification socket.
> After failing the assertion, PID 1 hangs in the pause system call.
> It is no longer possible to start and stop daemons or cleanly reboot
> the system. Inetd-style services managed by systemd no longer accept
> connections.
> 
> Since the notification socket, /run/systemd/notify, is world-writable,
> this allows a local user to perform a denial-of-service attack against
> systemd.
> 
> Proof-of-concept:
> 
>         NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""

Use CVE-2016-7795.


>> https://github.com/systemd/systemd/issues/4234#issuecomment-250441246

>> Older distros are affected differently I think: no assertion is
>> triggered but manager_dispatch_notify_fd() still returns an error
>> which has the bad side effect to disable the notification handler
>> completely

Use CVE-2016-7796.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
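
The two reports above share one root cause: an empty datagram from an untrusted local sender is treated as a fatal condition (a failed assertion in one case, an error return that disables the handler in the other). The following is an added example, not code from this thread or from systemd, of a receive loop that drops empty datagrams and keeps serving; the names `classify`, `drain` and `demo` are hypothetical, and the `KEY=VALUE` check is a simplification of the notify message format.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

enum verdict { NOTIFY_HANDLED, NOTIFY_IGNORED };

/* Classify one datagram; n is the non-negative recv() result.
 * Its length is sender-controlled, so n == 0 is dropped, never asserted on. */
static enum verdict classify(const char *buf, ssize_t n) {
    if (n == 0)
        return NOTIFY_IGNORED;                 /* zero-length message */
    if (memchr(buf, '=', (size_t)n) == NULL)
        return NOTIFY_IGNORED;                 /* not KEY=VALUE (simplified) */
    return NOTIFY_HANDLED;
}

/* Drain all queued datagrams and return how many were handled.
 * Malformed input is counted, not reported as an error, so the caller
 * has no reason to unregister the socket from its event loop. */
int drain(int fd, int *ignored) {
    char buf[4096];
    int handled = 0;
    *ignored = 0;
    for (;;) {
        ssize_t n = recv(fd, buf, sizeof buf, MSG_DONTWAIT);
        if (n < 0)
            break;                             /* EAGAIN (empty) or socket error */
        if (classify(buf, n) == NOTIFY_HANDLED) handled++;
        else (*ignored)++;
    }
    return handled;
}

/* Constructed input: an empty datagram followed by a valid one. */
int demo(int *ignored) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0)
        return -1;
    send(sv[1], "", 0, 0);
    send(sv[1], "READY=1", 7, 0);
    int handled = drain(sv[0], ignored);
    close(sv[0]); close(sv[1]);
    return handled;
}

int main(void) {
    int ignored;
    int handled = demo(&ignored);
    printf("handled=%d ignored=%d\n", handled, ignored);
    return 0;
}
```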