CVE-2020-13776
Published: 3 June 2020
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
Notes
Author | Note |
---|---|
mdeslaur | The administrator would have to create a systemd service unit with a numerical username or a username starting with 0x as a User= value, and that particular userid would need to exist on the system. Setting priority to low due to this unlikely scenario. Fixing this requires an extensive backport that refactors integer parsing in systemd and the risk of regressions stemming from the behavioural change outweighs the severity of this issue. We will not be fixing this issue in stable Ubuntu releases. |
Mitigation
mdeslaur> Do not create systemd service units with a User= value set to mdeslaur> a numerical username or a username that starts with 0x
Priority
Status
Package | Release | Status |
---|---|---|
systemd Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
eoan |
Ignored
(end of life)
|
|
focal |
Ignored
|
|
trusty |
Ignored
|
|
upstream |
Released
(246-2)
|
|
xenial |
Ignored
|
|
Patches: upstream: https://github.com/systemd/systemd/commit/156a5fd297b61bce31630d7a52c15614bf784843 upstream: https://github.com/systemd/systemd/commit/6495ceddf38aed2c9efdcf9d3440140190800b55 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.7 |
Attack vector | Local |
Attack complexity | High |
Privileges required | Low |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |