Systemd v228 local root exploit
Sebastian Krahmer has reported that systemd v228 is vulnerable to a trivial local root exploit that was silently fixed a year ago. It is believed that it mostly affects v228, but he recommends that distributions check to ensure they have the fix. No CVE was requested by the project, so the SUSE security team requested one and it was assigned CVE-2016-10156. "The analysis says that is a 'possible DoS', but it's a local root exploit indeed. Mode 07777 also contains the suid bit, so files created by touch() are world writable suids, root owned. Such as /var/lib/systemd/timers/stamp-fstrim.timer that's found on a non-nosuid mount."
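The condition described in the quote (root-owned regular files that are both setuid and world-writable) can be audited directly. The following is an added example, not code from the report or from systemd; the function name `find_writable_suid` and its `owner_uid` parameter are hypothetical, and the default directory is the one named in the quote.

```python
import os
import stat
import sys

# Bits the quoted analysis highlights: setuid plus world-writable.
RISKY = stat.S_ISUID | stat.S_IWOTH


def find_writable_suid(root, owner_uid=0):
    """Return sorted (path, octal mode) pairs for regular files under root
    that are setuid and world-writable. owner_uid=None matches any owner."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # file vanished or unreadable; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            if owner_uid is not None and st.st_uid != owner_uid:
                continue
            if st.st_mode & RISKY == RISKY:
                hits.append((path, oct(stat.S_IMODE(st.st_mode))))
    return sorted(hits)


if __name__ == "__main__":
    # Default target is the timer stamp directory named in the quote.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/systemd/timers"
    found = find_writable_suid(target)
    for path, mode in found:
        print(f"{mode} {path}")
    sys.exit(1 if found else 0)
```

A clean result only shows that no such files exist now; it does not confirm that the installed systemd carries the fix.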