CVE-2016-10156

Source
https://cve.org/CVERecord?id=CVE-2016-10156
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10156.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-10156
Downstream
Related
Published
2017-01-23T07:59:00.347Z
Modified
2026-07-08T12:43:30.967865Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.

References

Affected packages

Git / github.com/systemd/systemd

Affected ranges

Type
GIT
Repo
https://github.com/systemd/systemd
Events
Database specific
{
    "cpe": "cpe:2.3:a:systemd_project:systemd:228:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "228"
        },
        {
            "last_affected": "228"
        }
    ],
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ]
}

Affected versions

Other
228
v228

Database specific

vanir_signatures
[
    {
        "digest": {
            "function_hash": "208378130462840707615846514508483232653",
            "length": 777.0
        },
        "target": {
            "function": "touch_file",
            "file": "src/basic/fs-util.c"
        },
        "id": "CVE-2016-10156-0ea95390",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "143490046643793043951247385066281749424",
                "122935519918159594852004239146072093699",
                "54395448293350274193157192029626465405",
                "319258269167257065855528611741500025477",
                "14136216880443083922228792084368357903",
                "308585633961784689412430179420870598457",
                "128309604439848126161042702311541266943",
                "151843754083868116041010403313887337385"
            ]
        },
        "target": {
            "file": "src/test/test-conf-files.c"
        },
        "id": "CVE-2016-10156-14049a83",
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "884391527119032421930507393033943967",
                "71444658684207020711684283464577893821",
                "129040058516969266729007866096539935790",
                "171985266963045669393736977086235467711",
                "167028769458000049328164706596134535271",
                "325425461498447324481272706372516446726",
                "73487370959010915169797254673591995470",
                "166827898435921037420828712229566259421"
            ]
        },
        "target": {
            "file": "src/core/timer.c"
        },
        "id": "CVE-2016-10156-4267b89a",
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "16651552642822266066331222789744711377",
            "length": 765.0
        },
        "target": {
            "function": "touch_file",
            "file": "src/basic/fs-util.c"
        },
        "id": "CVE-2016-10156-50486a66",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "202510193103278909526249463735252315663",
            "length": 126.0
        },
        "target": {
            "function": "touch",
            "file": "src/basic/fs-util.c"
        },
        "id": "CVE-2016-10156-743c9fdd",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "205574758964764086577373846803576665817",
                "26172775453165720180949406021269219765",
                "260867573201901865531530435359545172204",
                "253223367683081464670724374397409422548"
            ]
        },
        "target": {
            "file": "src/basic/fs-util.c"
        },
        "id": "CVE-2016-10156-868d732b",
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "97400082154898398970675292924757582953",
                "110083905208857346320650848691103642371",
                "307475506367816187332214095585553537513",
                "135927274798206812626501416543824620549",
                "3601903755967494894851062893010901710",
                "220389832517227226628827653175591840104",
                "13230225266436895651077031958836395872",
                "150678483076905833111675878602351293786"
            ]
        },
        "target": {
            "file": "src/basic/fs-util.c"
        },
        "id": "CVE-2016-10156-a191707d",
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "5821552094425570502963670811945135628",
            "length": 375.0
        },
        "target": {
            "function": "setup_test_dir",
            "file": "src/test/test-conf-files.c"
        },
        "id": "CVE-2016-10156-a8fd9cc9",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "5027209638548168649191285761072337226",
            "length": 693.0
        },
        "target": {
            "function": "timer_enter_running",
            "file": "src/core/timer.c"
        },
        "id": "CVE-2016-10156-b754c4cb",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "296421973068010747095949689944144467270",
            "length": 749.0
        },
        "target": {
            "function": "timer_start",
            "file": "src/core/timer.c"
        },
        "id": "CVE-2016-10156-b9e14642",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f",
        "deprecated": false
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10156.json"
vanir_signatures_modified
"2026-07-08T12:43:30Z"

Git / github.com/systemd/systemd-stable

Affected ranges

Type
GIT
Repo
https://github.com/systemd/systemd-stable
Events
Database specific
{
    "cpe": "cpe:2.3:a:systemd_project:systemd:228:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "228"
        },
        {
            "last_affected": "228"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

Other
228
v228

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10156.json"