CVE-2016-10156

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Debian logo
Debian Releases
Debian Product
Codename
systemd
bullseye
247.3-7+deb11u5
fixed
jessie
not-affected
wheezy
not-affected
bullseye (security)
247.3-7+deb11u6
fixed
bookworm
252.30-1~deb12u2
fixed
sid
256.7-3
fixed
trixie
256.7-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
systemd
zesty
not-affected
yakkety
not-affected
xenial
not-affected
trusty
not-affected
precise
dne
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/95790
http://www.securitytracker.com/id/1037686
https://bugzilla.suse.com/show_bug.cgi?id=1020601
https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e
https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f
https://www.exploit-db.com/exploits/41171/
http://www.securityfocus.com/bid/95790
http://www.securitytracker.com/id/1037686
https://bugzilla.suse.com/show_bug.cgi?id=1020601
https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e
https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f
https://www.exploit-db.com/exploits/41171/