CVE-2020-13776

Published: 3 June 2020

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.

Notes

Author: mdeslaur
Note:
The administrator would have to create a systemd service unit
with a numerical username or a username starting with 0x as a
User= value, and that particular userid would need to exist on
the system. Setting priority to low due to this unlikely
scenario.

Fixing this requires an extensive backport that refactors
integer parsing in systemd and the risk of regressions stemming
from the behavioural change outweighs the severity of this
issue. We will not be fixing this issue in stable Ubuntu
releases.

Mitigation

mdeslaur> Do not create systemd service units with a User= value set to
mdeslaur> a numerical username or a username that starts with 0x
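The description above and the mitigation note turn on one detail: how the User= value of a unit is turned into a UID. The following is an added example, not systemd's code, that contrasts a lenient numeric parser in the strtoul(..., 0) style (which reads "0x0" as UID 0, the behaviour class this CVE describes) with a strict decimal-only parser in the spirit of the upstream fix (refusing leading whitespace, a sign, a 0x prefix and leading zeros, and rejecting the invalid-UID sentinels 0xFFFFFFFF and 0xFFFF). The passwd table, the function names and the resolve_user() fallback order are assumptions made for the example; only the strict parser's rules are modelled on the fix.

```c
/* Added example (not systemd's code): lenient vs strict parsing of a
 * User= value, and how each resolves an account literally named "0x0".
 * The passwd table below is constructed for this example. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

struct fake_pw { const char *name; uid_t uid; };

/* Constructed /etc/passwd excerpt. "0x0" and "1000" are account *names*. */
static const struct fake_pw PASSWD[] = {
    { "root",  0    },
    { "0x0",   1001 },
    { "1000",  1002 },
    { "alice", 1003 },
};

static int lookup_name(const char *name, uid_t *out) {
    for (size_t i = 0; i < sizeof(PASSWD) / sizeof(PASSWD[0]); i++)
        if (strcmp(PASSWD[i].name, name) == 0) { *out = PASSWD[i].uid; return 0; }
    return -ENOENT;
}

/* Lenient parser: base 0 lets strtoul accept "0x..", octal "0..", leading
 * whitespace and a sign, so "0x0" silently becomes UID 0 (root). */
static int parse_uid_lenient(const char *s, uid_t *out) {
    char *end;
    errno = 0;
    unsigned long v = strtoul(s, &end, 0);
    if (errno != 0 || end == s || *end != '\0' || v > UINT32_MAX) return -EINVAL;
    *out = (uid_t)v;
    return 0;
}

/* Strict parser: canonical decimal only (no whitespace, sign, prefix or
 * leading zeros), range-checked, and the two invalid-UID sentinels
 * 0xFFFFFFFF and 0xFFFF are refused. */
static int parse_uid_strict(const char *s, uid_t *out) {
    if (*s == '\0') return -EINVAL;
    if (s[0] == '0' && s[1] != '\0') return -EINVAL;   /* "0x0", "00", "0123" */
    uint64_t v = 0;
    for (const char *p = s; *p; p++) {
        if (*p < '0' || *p > '9') return -EINVAL;
        v = v * 10 + (uint64_t)(*p - '0');
        if (v > UINT32_MAX) return -ERANGE;
    }
    if (v == UINT32_MAX || v == 0xFFFF) return -ENXIO;
    *out = (uid_t)v;
    return 0;
}

/* Resolve a User= value: try the numeric form first, then a name lookup.
 * strict=0 uses the lenient parser, strict=1 the hardened one. */
static int resolve_user(const char *value, int strict, uid_t *out) {
    int r = strict ? parse_uid_strict(value, out) : parse_uid_lenient(value, out);
    if (r == 0) return 0;
    return lookup_name(value, out);
}

int main(void) {
    uid_t u;
    const char *v = "0x0";
    if (resolve_user(v, 0, &u) == 0) printf("lenient: User=%s -> uid %u\n", v, (unsigned)u);
    if (resolve_user(v, 1, &u) == 0) printf("strict:  User=%s -> uid %u\n", v, (unsigned)u);
    return 0;
}
```

With the lenient parser, User=0x0 yields UID 0 and the service runs as root; with the strict one the numeric parse fails, the name lookup finds the real "0x0" account and the unit runs as UID 1001. Note that a purely decimal name such as "1000" is still read as a UID by both parsers, which is why the mitigation above advises against numerical usernames altogether rather than relying on parser behaviour.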

Priority

Low

Cvss 3 Severity Score

6.7

Status

Package: systemd (Launchpad, Ubuntu, Debian)

Release   Status
bionic    Ignored
eoan      Ignored (end of life)
focal     Ignored
trusty    Ignored
upstream  Released (246-2)
xenial    Ignored

Patches:
upstream: https://github.com/systemd/systemd/commit/156a5fd297b61bce31630d7a52c15614bf784843
upstream: https://github.com/systemd/systemd/commit/6495ceddf38aed2c9efdcf9d3440140190800b55

Severity score breakdown

Parameter Value
Base score 6.7
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Scope Unchanged
Confidentiality impact High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H