CVE-2016-10156

high

Description

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.

References

Advisories
More

https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f

https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e

http://www.securityfocus.com/bid/95790

https://www.exploit-db.com/exploits/41171/

https://bugzilla.suse.com/show_bug.cgi?id=1020601

http://www.securitytracker.com/id/1037686

Details

Source: Mitre, NVD

Published: 2017-01-23

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H