Vulnerability Description
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systemd Project | Systemd | 209 |
| Novell | Suse Linux Enterprise Software Development Kit | 12.0 |
| Novell | Suse Linux Enterprise Desktop | 12 |
| Novell | Suse Linux Enterprise Server | 12.0 |
| Novell | Suse Linux Enterprise Server For Sap | 12.0 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Hpc Node | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Workstation | 7.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00015.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00016.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2017-0003.html
- http://www.openwall.com/lists/oss-security/2016/09/30/1Third Party Advisory
- http://www.securityfocus.com/bid/93250Third Party Advisory
- http://www.securitytracker.com/id/1037320
- https://bugzilla.redhat.com/show_bug.cgi?id=1381911Issue TrackingThird Party AdvisoryVDB Entry
- https://github.com/systemd/systemd/issues/4234#issuecomment-250441246ExploitPatchVendor Advisory
- https://rhn.redhat.com/errata/RHBA-2015-2092.htmlThird Party Advisory
- https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweetExploitTechnical DescriptionThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00015.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00016.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2017-0003.html
- http://www.openwall.com/lists/oss-security/2016/09/30/1Third Party Advisory
- http://www.securityfocus.com/bid/93250Third Party Advisory
FAQ
What is CVE-2016-7796?
CVE-2016-7796 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be re...
How severe is CVE-2016-7796?
CVE-2016-7796 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-7796?
Check the references section above for vendor advisories and patch information. Affected products include: Systemd Project Systemd, Novell Suse Linux Enterprise Software Development Kit, Novell Suse Linux Enterprise Desktop, Novell Suse Linux Enterprise Server, Novell Suse Linux Enterprise Server For Sap.