CVE-2016-10156

Name: CVE-2016-10156
Creator: NVD / NIST
Published: 2017-01-23T07:59:00.347+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.21%

Last modified Jun 17, 2026

CVE-2016-10156 is a vulnerability of currently unknown severity. A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.. EPSS estimates a 1.21% chance of exploitation in the next 30 days.

Description

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.

Metrics

EPSS Probability

1.21%

64.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Systemd Project	Systemd	228

References

http://www.securityfocus.com/bid/95790Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1037686
https://bugzilla.suse.com/show_bug.cgi?id=1020601Issue Tracking
https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0eIssue Tracking, Patch, Third Party Advisory
https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2fIssue Tracking, Patch, Third Party Advisory
https://www.exploit-db.com/exploits/41171/
http://www.securityfocus.com/bid/95790Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1037686
https://bugzilla.suse.com/show_bug.cgi?id=1020601Issue Tracking
https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0eIssue Tracking, Patch, Third Party Advisory
https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2fIssue Tracking, Patch, Third Party Advisory
https://www.exploit-db.com/exploits/41171/

Timeline

Published: Jan 23, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-10156?

How severe is CVE-2016-10156?

Severity scoring for CVE-2016-10156 is pending analysis. The EPSS model estimates a 1.21% probability of exploitation in the next 30 days.

How do I fix CVE-2016-10156?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-10156?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST