CVE-2016-7795
UnknownEPSS 0.63%
Last modified
CVE-2016-7795 is a vulnerability of currently unknown severity. The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.. EPSS estimates a 0.63% chance of exploitation in the next 30 days.
Description
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 16.04 |
| Systemd Project | Systemd | <= 231 |
References
- http://www.openwall.com/lists/oss-security/2016/09/28/9Third Party Advisory
- http://www.openwall.com/lists/oss-security/2016/09/30/1Third Party Advisory
- http://www.securityfocus.com/bid/93223Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-3094-1Third Party Advisory
- https://github.com/systemd/systemd/issues/4234Exploit, Patch, Third Party Advisory
- https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweetExploit, Technical Description, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2016/09/28/9Third Party Advisory
- http://www.openwall.com/lists/oss-security/2016/09/30/1Third Party Advisory
- http://www.securityfocus.com/bid/93223Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-3094-1Third Party Advisory
- https://github.com/systemd/systemd/issues/4234Exploit, Patch, Third Party Advisory
- https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweetExploit, Technical Description, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-7795?
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.
How severe is CVE-2016-7795?
Severity scoring for CVE-2016-7795 is pending analysis. The EPSS model estimates a 0.63% probability of exploitation in the next 30 days.
How do I fix CVE-2016-7795?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2016-7795?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST