ArchLinux: 201610-2: systemd: denial of service
Summary
systemd fails an assertion in manager_invoke_notify_message when a zero-length message is received over its notification socket. After failing the assertion, PID 1 hangs in the pause system call. It is no longer possible to start and stop daemons or cleanly reboot the system. Inetd-style services managed by systemd no longer accept connections. Since the notification socket, /run/systemd/notify, is world-writable, this allows a local user to perform a denial-of-service attack against systemd. Proof-of-concept: NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""
Resolution
Upgrade to 231-2.
# pacman -Syu "systemd>=231-2"
The problem has been fixed upstream but no release is available yet.
References
https://github.com/systemd/systemd/issues/4234 https://www.openwall.com/lists/oss-security/2016/09/28/9 https://access.redhat.com/security/cve/CVE-2016-7795
Workaround
None.