Vulnerability Details : CVE-2016-7796
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2016-7796
- cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:ltss:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
- cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_server_for_sap:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:229:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:209:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:213:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:214:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-7796
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 18 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-7796
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2016-7796
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7796
-
https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
How to Crash Systemd in One TweetExploit;Technical Description;Third Party Advisory
-
http://www.securitytracker.com/id/1037320
systemd Zero-Length Notification Processing Flaw Lets Local Users Cause Denial of Service Conditions - SecurityTracker
-
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00016.html
[security-announce] SUSE-SU-2016:2476-1: important: Security update forThird Party Advisory
-
http://www.securityfocus.com/bid/93250
systemd CVE-2016-7796 Local Denial of Service VulnerabilityThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/09/30/1
oss-security - Re: CVE Request: systemd v209+: local denial-of-service attackThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00015.html
[security-announce] SUSE-SU-2016:2475-1: important: Security update forThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1381911
1381911 – (CVE-2016-7796) CVE-2016-7796 systemd: freeze when PID 1 receives a zero-length message over notify socketIssue Tracking;Third Party Advisory;VDB Entry
-
https://rhn.redhat.com/errata/RHBA-2015-2092.html
RHBA-2015:2092 - Bug Fix Advisory - Red Hat Customer PortalThird Party Advisory
-
https://github.com/systemd/systemd/issues/4234#issuecomment-250441246
Assertion failure when PID 1 receives a zero-length message over notify socket · Issue #4234 · systemd/systemd · GitHubExploit;Patch;Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2017-0003.html
RHSA-2017:0003 - Security Advisory - Red Hat Customer Portal
Jump to