CVE-2017-1000082

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.openwall.com/lists/oss-security/2017/07/02/1	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/99507	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038839	Third Party Advisory VDB Entry
https://github.com/systemd/systemd/issues/6237	Issue Tracking Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*

History

31 Jan 2022, 18:22

Type	Values Removed	Values Added
CWE	~~CWE-20~~	CWE-269
First Time		Systemd Project Systemd Project systemd
References	~~(SECTRACK) http://www.securitytracker.com/id/1038839 -~~	(SECTRACK) http://www.securitytracker.com/id/1038839 - Third Party Advisory, VDB Entry
References	~~(BID) http://www.securityfocus.com/bid/99507 -~~	(BID) http://www.securityfocus.com/bid/99507 - Third Party Advisory, VDB Entry
CPE	cpe:2.3:a:freedesktop:systemd::::::::	cpe:2.3:a:systemd_project:systemd::::::::

Information

Published : 2017-07-07 17:29

Updated : 2023-12-10 12:15

NVD link : CVE-2017-1000082

Mitre link : CVE-2017-1000082

CVE.ORG link : CVE-2017-1000082

JSON object : View

Products Affected

systemd_project

systemd

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2017-1000082", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-07-07T17:29:00.277", "references": [{"url": "http://www.openwall.com/lists/oss-security/2017/07/02/1", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/99507", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1038839", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/systemd/systemd/issues/6237", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. \"0day\"), running the service in question with root privileges rather than the user intended."}, {"lang": "es", "value": "systemd versi\u00f3n v233 y anteriores, no pueden analizar de forma segura los nombres de usuario que comienzan con un d\u00edgito num\u00e9rico (por ejemplo, \"\"0day\"\"), ejecutando el servicio en cuesti\u00f3n con privilegios root en lugar de lo que el usuario desea."}], "lastModified": "2022-01-31T18:22:31.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E819026E-9D55-416F-8781-3B8C9C6A1776", "versionEndIncluding": "233"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}