FS#51040 : [systemd] systemd v209+: local denial-of-service attack

FS#51040 - [systemd] systemd v209+: local denial-of-service attack

Attached to Project: Arch Linux
Opened by Pascal Ernster (hardfalcon) - Thursday, 29 September 2016, 18:46 GMT
Last edited by Dave Reisner (falconindy) - Thursday, 29 September 2016, 18:50 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	No-one
Architecture	All
Severity	Critical
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	1 Pascal Ernster (hardfalcon) (2016-09-29)
Private	No

Details

Description: http://www.openwall.com/lists/oss-security/2016/09/28/9

Any local user can crash systemd by sending a zero-length message to systemd's notification socket. This can for example be done by executing the following command:

$ NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""

Upstream has fixed this in git, but has not published a new release yet:

https://github.com/systemd/systemd/commit/531ac2b2349da02acc9c382849758e07eb92b020

Affected versions: systemd from 209-1 up to 231-1

This task depends upon

Closed by Dave Reisner (falconindy)
Thursday, 29 September 2016, 18:50 GMT
Reason for closing: Duplicate
Additional comments about closing: ~~FS#51035~~

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#51040 - [systemd] systemd v209+: local denial-of-service attack

Details

Loading...