systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
References
Link | Resource |
---|---|
https://github.com/systemd/systemd/issues/15985 | Issue Tracking Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/ | |
https://security.netapp.com/advisory/ntap-20200611-0003/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
31 Jan 2022, 18:40
Type | Values Removed | Values Added |
---|---|---|
First Time |
Systemd Project
Fedoraproject fedora Systemd Project systemd Fedoraproject |
|
CPE | cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
|
CWE | CWE-269 | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/ - Third Party Advisory | |
References | (MISC) https://github.com/systemd/systemd/issues/15985 - Issue Tracking, Patch, Third Party Advisory |
Information
Published : 2020-06-03 03:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-13776
Mitre link : CVE-2020-13776
CVE.ORG link : CVE-2020-13776
JSON object : View
Products Affected
netapp
- active_iq_unified_manager
- solidfire_\&_hci_management_node
systemd_project
- systemd
fedoraproject
- fedora
CWE
CWE-269
Improper Privilege Management