Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-10156

CWE-264 CWE-732 — Incorrect Permission Assignment8 documents8 sources

Severity

7.8HIGH

EPSS

0.7%

top 27.73%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Systemd Project Systemd

Timeline

PublishedJan 23

Latest updateMay 17

Description

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debiansystemd< 229-1+3

▶NVDsystemd_project/systemd228

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-4r87-5wgm-7h7m: A flaw in systemd v228 in /src/basic/fs-util↗2022-05-17

▶

CVEList

CVE-2016-10156: A flaw in systemd v228 in /src/basic/fs-util↗2017-01-23

▶

OSV

CVE-2016-10156: A flaw in systemd v228 in /src/basic/fs-util↗2017-01-23

▶

💥Exploits & PoCs

Exploit-DB

Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation↗2017-01-24

▶

📋Vendor Advisories

Red Hat

systemd: systemd creates world-writable suid files allowing root privilege escalation↗2017-01-24

▶

Debian

CVE-2016-10156: systemd - A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files ...↗2016

▶

💬Community

Bugzilla

CVE-2016-10156 systemd: systemd creates world-writable suid files allowing root privilege escalation↗2017-01-24

▶