A flaw in systemd v228 in /src/basic/fs-util.c caused world-writable setuid files to be created when using the systemd timers feature, allowing malicious local users to escalate their privileges to root. This is fixed in v229.
Vulnerable Product |
---|
systemd project systemd 228 |
Opens door to privilege escalation attacks
Some Linux distros will need to be updated following the discovery of an easily exploitable flaw in a core system management component. The CVE-2016-10156 security hole in systemd v228 opens the door to privilege escalation attacks, creating a means for hackers to root systems locally if not across the internet. The vulnerability is fixed in systemd v229. Essentially, it is possible to create world-readable, world-writeable setuid executable files that are root owned by setting all the mode bits...
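A defender-side check for the symptom described above, as an added example (not part of the original page or of the systemd project): it walks a directory tree, reports regular files that are setuid, world-writable and owned by root, and can clear the dangerous bits. The function names, the `owner_uid` parameter and the directory given on the command line are assumptions of this example.

```python
import os
import stat
import sys

DANGEROUS = stat.S_ISUID | stat.S_ISGID | stat.S_IWOTH


def find_writable_setuid(root, owner_uid=0):
    """Return sorted (path, octal mode) pairs for regular files under root
    that are setuid, world-writable and owned by owner_uid (None = any)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # vanished or unreadable; skip
            if not stat.S_ISREG(st.st_mode):
                continue
            if owner_uid is not None and st.st_uid != owner_uid:
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_ISUID and mode & stat.S_IWOTH:
                hits.append((path, oct(mode)))
    return sorted(hits)


def strip_dangerous_bits(path):
    """Clear setuid, setgid and world-write on path; return the new mode."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        mode = stat.S_IMODE(os.fstat(fd).st_mode) & ~DANGEROUS
        os.fchmod(fd, mode)
    finally:
        os.close(fd)
    return oct(mode)


if __name__ == "__main__":
    # Usage: script.py DIRECTORY [--fix]   (directory chosen by the operator)
    if len(sys.argv) < 2:
        sys.exit("usage: %s DIRECTORY [--fix]" % sys.argv[0])
    for path, mode in find_writable_setuid(sys.argv[1]):
        print(mode, path)
        if "--fix" in sys.argv[2:]:
            print("  ->", strip_dangerous_bits(path))
```

Any hit on a host that ran the affected version should be treated as potentially tampered with, since a world-writable file could have been modified by any local user before the bits were cleared.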