oss-sec mailing list archives
Re: Headsup: systemd v228 local root exploit (CVE-2016-10156)
From: "Alexander E. Patrakov" <patrakov () gmail com>
Date: Wed, 25 Jan 2017 01:20:49 +0500
2017-01-24 13:55 GMT+05:00 Sebastian Krahmer <krahmer () suse com>:
Hi
This is a heads up for a trivial systemd local root exploit, that
was silently fixed in the upstream git as:
commit 06eeacb6fe029804f296b065b3ce91e796e1cd0e
Author: ....
Date: Fri Jan 29 23:36:08 2016 +0200
basic: fix touch() creating files with 07777 mode
That's important for users of Arch Linux and other rolling distributions. If the system has booted the vulnerable version of systemd at least once, then the files with dangerous permissions will be there. There is no code in systemd that fixes permissions on already existing stamp files. There is no postinstall script in Arch that does it, either. So, you have to fix permissions to 0644 or remove the stamp files manually, once, even though the commit appeared in Arch repositories long time ago. -- Alexander E. Patrakov
Current thread:
- Headsup: systemd v228 local root exploit (CVE-2016-10156) Sebastian Krahmer (Jan 24)
- Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Alexander E. Patrakov (Jan 24)
- Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Daniel Micay (Jan 24)
- Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Daniel Micay (Jan 24)
- Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Alexander E. Patrakov (Jan 24)