CVE-2016-7795: Input Validation
First published: Wed Sep 28 2016(Updated: )
A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/systemd | <0:219-30.el7_3.3 | 0:219-30.el7_3.3 |
| redhat/systemd | <0:219-19.el7_2.18 | 0:219-19.el7_2.18 |
| Ubuntu Linux | =16.04 | |
| systemd | <=231 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2016-7795 https://nvd.nist.gov/vuln/detail/CVE-2016-7795
- https://bugzilla.redhat.com/show_bug.cgi?id=1380286
- https://access.redhat.com/errata/RHSA-2016:2610
- https://access.redhat.com/errata/RHSA-2016:2694
- https://access.redhat.com/security/cve/CVE-2016-7795
- https://github.com/systemd/systemd/issues/4234
- http://www.openwall.com/lists/oss-security/2016/09/28/9
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1380287
- https://github.com/systemd/systemd/commit/531ac2b2349da02acc9c382849758e07eb92b020
- https://github.com/systemd/systemd/commit/d875aa8ce10b458dc218c0d98f4a82c8904d6d03
- https://github.com/systemd/systemd/commit/9987750e7a4c62e0eb8473603150596ba7c3a015
- https://github.com/systemd/systemd/commit/8523bf7dd514a3a2c6114b7b8fb8f308b4f09fc4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1380286#c3
- https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
- https://access.redhat.com/security/cve/CVE-2016-7796
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1381911
- https://rhn.redhat.com/errata/RHSA-2016-2610.html
- https://rhn.redhat.com/errata/RHSA-2016-2694.html
- http://rhn.redhat.com/errata/RHSA-2016-2610.html
- http://rhn.redhat.com/errata/RHSA-2016-2694.html
- http://www.openwall.com/lists/oss-security/2016/09/30/1
- http://www.securityfocus.com/bid/93223
- http://www.securitytracker.com/id/1037320
- http://www.ubuntu.com/usn/USN-3094-1
- collector/redhat-cve
- collector/redhat-bugzilla
- alias/CVE-2016-7795
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/16.04
- vendor/systemd project
- canonical/systemd
- version/systemd/231