CVE-2016-10156

Опубликовано: 23 янв. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.

Ссылки

http://www.securityfocus.com/bid/95790
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037686
https://bugzilla.suse.com/show_bug.cgi?id=1020601
Issue Tracking
https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e
Issue Tracking
Patch
Third Party Advisory
https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f
Issue Tracking
Patch
Third Party Advisory
https://www.exploit-db.com/exploits/41171/
http://www.securityfocus.com/bid/95790
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037686
https://bugzilla.suse.com/show_bug.cgi?id=1020601
Issue Tracking
https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e
Issue Tracking
Patch
Third Party Advisory
https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f
Issue Tracking
Patch
Third Party Advisory
https://www.exploit-db.com/exploits/41171/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:systemd_project:systemd:228:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00712

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2016-10156

CVSS3: 7.8

ubuntu

около 9 лет назад

CVE-2016-10156

CVSS3: 7.8

redhat

около 9 лет назад

CVE-2016-10156

CVSS3: 7.8

debian

около 9 лет назад

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable s ...

openSUSE-SU-2017:0287-1

suse-cvrf

около 9 лет назад

Security update for systemd

SUSE-SU-2017:0279-1

suse-cvrf

около 9 лет назад

Security update for systemd

EPSS

Процентиль: 72%

0.00712

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-264