CVE-2020-13776

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
Configurations

Configuration 1 (hide)

cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

History

07 Nov 2023, 03:16

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/', 'name': 'FEDORA-2020-2faf839786', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/ -

31 Jan 2022, 18:40

Type Values Removed Values Added
First Time Systemd Project
Fedoraproject fedora
Systemd Project systemd
Fedoraproject
CPE cpe:2.3:a:freedesktop:systemd:*:*:*:*:*:*:*:* cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
CWE CWE-20 CWE-269
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/ - Third Party Advisory
References (MISC) https://github.com/systemd/systemd/issues/15985 - Third Party Advisory (MISC) https://github.com/systemd/systemd/issues/15985 - Issue Tracking, Patch, Third Party Advisory

Information

Published : 2020-06-03 03:15

Updated : 2023-12-10 13:27


NVD link : CVE-2020-13776

Mitre link : CVE-2020-13776

CVE.ORG link : CVE-2020-13776


JSON object : View

Products Affected

netapp

  • active_iq_unified_manager
  • solidfire_\&_hci_management_node

systemd_project

  • systemd

fedoraproject

  • fedora
CWE
CWE-269

Improper Privilege Management