CVE-2016-10156

EUVD-2016-1344
A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Debian logo
Debian Releases
Debian Product
Codename
systemd
bookworm
252.30-1~deb12u2
fixed
bullseye
247.3-7+deb11u5
fixed
bullseye (security)
247.3-7+deb11u6
fixed
jessie
not-affected
sid
256.7-3
fixed
trixie
256.7-3
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
systemd
precise
dne
trusty
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/95790
http://www.securitytracker.com/id/1037686
https://bugzilla.suse.com/show_bug.cgi?id=1020601
https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e
https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f
https://www.exploit-db.com/exploits/41171/
http://www.securityfocus.com/bid/95790
http://www.securitytracker.com/id/1037686
https://bugzilla.suse.com/show_bug.cgi?id=1020601
https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e
https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f
https://www.exploit-db.com/exploits/41171/