Vulnerability Details : CVE-2016-10152
The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.
Products affected by CVE-2016-10152
- cpe:2.3:a:hesiod_project:hesiod:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-10152
Probability of exploitation activity in the next 30 days: 4.46%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88%
CVSS scores for CVE-2016-10152
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-10152
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-10152
- https://github.com/achernya/hesiod/pull/10
  Remove hard-coded default for RHS by nalind · Pull Request #10 · achernya/hesiod · GitHub
  Tags: Issue Tracking; Patch; Third Party Advisory
- http://www.securityfocus.com/bid/90952
  Hesiod Security Bypass and Privilege Escalation Vulnerabilities
  Tags: Third Party Advisory; VDB Entry
- https://security.gentoo.org/glsa/201805-01
  hesiod: Root privilege escalation (GLSA 201805-01) — Gentoo security
- https://bugzilla.redhat.com/show_bug.cgi?id=1332493
  1332493 – (CVE-2016-10152) CVE-2016-10152 hesiod: Use of hard-coded unsafe configuration if configuration file cannot be opened
  Tags: Issue Tracking
- http://www.openwall.com/lists/oss-security/2017/01/21/1
  oss-security - Re: CVE Request: two flaws in hesiod permitting privilege elevation
  Tags: Mailing List; Patch; Third Party Advisory