CVE-2016-10156

NameCVE-2016-10156
DescriptionA flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
systemd (PTS)buster241-7~deb10u8fixed
buster (security)241-7~deb10u10fixed
bullseye247.3-7+deb11u4fixed
bookworm252.22-1~deb12u1fixed
sid, trixie255.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
systemdsourcewheezy(not affected)
systemdsourcejessie(not affected)
systemdsource(unstable)229-1

Notes

[jessie] - systemd <not-affected> (Vulnerability introduced in v228)
[wheezy] - systemd <not-affected> (Vulnerability introduced in v228)
https://bugzilla.suse.com/show_bug.cgi?id=1020601
Fixed by: https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e (v229)
Introduced by: https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f (v228)

Search for package or bug name: Reporting problems