CVE-2016-10151
Publication date 1 March 2017
Last updated 25 August 2025
Ubuntu priority
Cvss 3 Severity Score
Description
The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| hesiod | ||
| 18.04 LTS bionic |
Fixed 3.2.1-3.1~build0.18.04.1
|
|
| 16.04 LTS xenial |
Fixed 3.2.1-3.1~build0.16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
7.0 · High
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H