CVE-2016-10156

EPSS 0.81%
Veröffentlicht 23.01.2017 07:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Systemd Project ≫ Systemd Version228

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.81%	0.72

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://www.securityfocus.com/bid/95790

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037686

https://bugzilla.suse.com/show_bug.cgi?id=1020601

Issue Tracking

https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e

Patch

Third Party Advisory

Issue Tracking

https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f

Patch

Third Party Advisory

Issue Tracking

https://www.exploit-db.com/exploits/41171/

https://nvd.nist.gov/vuln/detail/CVE-2016-10156

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-10156

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-10156

EUVD