systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
References
Link | Resource |
---|---|
https://github.com/systemd/systemd/issues/15985 | Issue Tracking Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/ | |
https://security.netapp.com/advisory/ntap-20200611-0003/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-06-03T02:05:22
Updated: 2020-07-30T20:06:17
Reserved: 2020-06-03T00:00:00
Link: CVE-2020-13776
JSON object: View
NVD Information
Status : Modified
Published: 2020-06-03T03:15:10.677
Modified: 2023-11-07T03:16:58.343
Link: CVE-2020-13776
JSON object: View
Redhat Information
No data.
CWE