CVE-2016-10151

Name of the Vulnerable Software and Affected Versions Hesiod version 3.2.1

Description The issue allows local users to gain privileges by leveraging certain SUID/SGUID binary, using the HESIOD CONFIG or HES DOMAIN environment variables. This is due to the hesiod init function comparing EUID with UID to determine whether to use configurations from environment variables.

Recommendations For Hesiod version 3.2.1, consider restricting access to SUID/SGUID binaries and avoid using the HESIOD CONFIG or HES DOMAIN environment variables until a patch is available. As a temporary workaround, consider disabling the hesiod init function until a fix is provided.