Vulnerability Description
A flaw in systemd v228 in /src/basic/fs-util.c caused world-writable suid files to be created when using the systemd timers feature, allowing local attackers to escalate their privileges to root. This is fixed in v229.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systemd Project | Systemd | 228 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/95790 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1037686
- https://bugzilla.suse.com/show_bug.cgi?id=1020601 (Issue Tracking)
- https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a (Issue Tracking, Patch, Third Party Advisory)
- https://www.exploit-db.com/exploits/41171/
FAQ
What is CVE-2016-10156?
CVE-2016-10156 is a vulnerability with a CVSS score of 7.8 (HIGH). A flaw in systemd v228 in /src/basic/fs-util.c caused world-writable suid files to be created when using the systemd timers feature, allowing local attackers to escalate their privileges to root. Thi...
How severe is CVE-2016-10156?
CVE-2016-10156 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-10156?
Check the references section above for vendor advisories and patch information. Affected products include: Systemd Project Systemd.