5.5

CVE-2016-7796

Exploit
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.86% 0.535
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.openwall.com/lists/oss-security/2016/09/30/1
Third Party Advisory
http://www.securitytracker.com/id/1037320
https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
Third Party Advisory
Exploit
Technical Description
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00015.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00016.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0003.html
http://www.securityfocus.com/bid/93250
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1381911
Third Party Advisory
VDB Entry
Issue Tracking
https://github.com/systemd/systemd/issues/4234#issuecomment-250441246
Patch
Vendor Advisory
Exploit
https://rhn.redhat.com/errata/RHBA-2015-2092.html
Third Party Advisory