oss-sec mailing list archives
Re: Headsup: systemd v228 local root exploit (CVE-2016-10156)
From: Daniel Micay <danielmicay () gmail com>
Date: Tue, 24 Jan 2017 16:52:29 -0500
On Wed, 2017-01-25 at 01:20 +0500, Alexander E. Patrakov wrote:
2017-01-24 13:55 GMT+05:00 Sebastian Krahmer <krahmer () suse com>:Hi This is a heads up for a trivial systemd local root exploit, that was silently fixed in the upstream git as: commit 06eeacb6fe029804f296b065b3ce91e796e1cd0e Author: .... Date: Fri Jan 29 23:36:08 2016 +0200 basic: fix touch() creating files with 07777 modeThat's important for users of Arch Linux and other rolling distributions. If the system has booted the vulnerable version of systemd at least once, then the files with dangerous permissions will be there. There is no code in systemd that fixes permissions on already existing stamp files. There is no postinstall script in Arch that does it, either. So, you have to fix permissions to 0644 or remove the stamp files manually, once, even though the commit appeared in Arch repositories long time ago.
/run is a tmpfs
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Headsup: systemd v228 local root exploit (CVE-2016-10156) Sebastian Krahmer (Jan 24)
- Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Alexander E. Patrakov (Jan 24)
- Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Daniel Micay (Jan 24)
- Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Daniel Micay (Jan 24)
- Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Alexander E. Patrakov (Jan 24)