#VU5366 Privilege escalation in systemd - CVE-2016-10156
Published: January 24, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU5366
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2016-10156
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
systemd
systemd
Software vendor:
Freedesktop.org
Freedesktop.org
Description
The vulnerability allows a local user to obtain root privileges.
The vulnerability exists within the touch_file() function in "/src/basic/fs-util.c". A local user can use systemd timer functions to create world writable set user id (suid) files, owned by root user, and gain root privileges on vulnerable system.
Successful exploitation of the vulnerability may allow a local user to gain root privileges on vulnerable system.
The vulnerability exists within the touch_file() function in "/src/basic/fs-util.c". A local user can use systemd timer functions to create world writable set user id (suid) files, owned by root user, and gain root privileges on vulnerable system.
Successful exploitation of the vulnerability may allow a local user to gain root privileges on vulnerable system.
Remediation
The vulnerability was fixed in version v229.