CVE-2016-10156

7.8 HIGH

Published: January 23, 2017 Modified: May 13, 2026

Description

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://www.securityfocus.com/bid/95790

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1037686

Source: cve@mitre.org

https://bugzilla.suse.com/show_bug.cgi?id=1020601

Source: cve@mitre.org

Issue Tracking

https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e

Source: cve@mitre.org

Issue Tracking Patch Third Party Advisory

https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f

Source: cve@mitre.org

Issue Tracking Patch Third Party Advisory

https://www.exploit-db.com/exploits/41171/

Source: cve@mitre.org

http://www.securityfocus.com/bid/95790