CVE-2016-10156

HIGH

systemd <v229 - Privilege Escalation


Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-10156. PoCs published by Sebastian Krahmer.

AI-analyzed exploit summary: This exploit leverages a vulnerability in systemd (CVE-2016-10156) where the `touch()` function creates files with mode 07777, including the SUID bit. The provided code creates a SUID binary in a world-writable directory, allowing local privilege escalation to root.

Description

A flaw in systemd v228 in /src/basic/fs-util.c caused world-writable SUID files to be created when using the systemd timers feature, allowing local attackers to escalate their privileges to root. This is fixed in v229.

Exploits (1)

exploitdb WORKING POC
by Sebastian Krahmer · text · local · linux
https://www.exploit-db.com/exploits/41171

Classification: Working PoC (95%)
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: systemd v228
No auth needed
Prerequisites: Access to a vulnerable systemd version · Presence of a world-writable directory with SUID/SGID properties
devstral-2 · analyzed Feb 16, 2026

References (6)

Issue Tracking (x_refsource_misc): https://bugzilla.suse.com/show_bug.cgi?id=1020601
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1037686
Exploit, Third Party Advisory (exploit, x_refsource_exploit-db): https://www.exploit-db.com/exploits/41171/
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/95790

Scores

CVSS v3: 7.8
EPSS: 0.0121
EPSS Percentile: 64.5%
Attack Vector: LOCAL
Vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-264
Status: published
Products (1): systemd_project/systemd 228
Published: Jan 23, 2017
Tracked Since: Feb 18, 2026