Vulnerability in systemd Affects User Account Privileges and Security
CVE-2020-13776

6.7 MEDIUM

Key Information:

CVE Published: 3 June 2020

What is CVE-2020-13776?

An issue has been identified in systemd versions up to v245 in which numerical usernames, specifically those composed solely of decimal digits or formatted as hex digits (e.g., 0x0), are improperly processed. This can lead to unintended elevation of privileges: root privileges are used where the privileges of the 0x0 user account were intended. The flaw arises from an incomplete fix for a prior issue reported as CVE-2017-1000082.
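A defensive check for the condition described above, as an added example that is not from the original page or the systemd project: it flags accounts whose name reads as a number different from their real UID, and every unit whose User= setting names such an account. The matching rule follows the description above; the passwd lines, unit files and function names are constructed for illustration.

```python
import re

# Assumption taken from the description above: a name is "numeric-looking" if it
# is all decimal digits, or 0x followed by hex digits.
NUMERIC_NAME = re.compile(r"^(?:[0-9]+|0[xX][0-9a-fA-F]+)$")

# Constructed sample data (not from a real system).
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
0x0:x:1001:1001::/home/0x0:/bin/sh
1000:x:1000:1000::/home/1000:/bin/sh
svc:x:1002:1002::/srv:/usr/sbin/nologin"""
SAMPLE_UNITS = {
    "demo.service": "[Service]\nUser=0x0\nExecStart=/usr/bin/id\n",
    "ok.service": "[Service]\nUser=svc\nExecStart=/usr/bin/id\n",
}

def numeric_value(name):
    """Integer a numeric-looking name would read as, or None for ordinary names."""
    if not NUMERIC_NAME.match(name):
        return None
    return int(name, 16) if name[:2].lower() == "0x" else int(name, 10)

def risky_accounts(passwd_text):
    """Map name -> (real uid, uid the name reads as) wherever the two differ."""
    risky = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # skip comments and malformed entries
        value = numeric_value(fields[0])
        if value is not None and value != int(fields[2]):
            risky[fields[0]] = (int(fields[2]), value)
    return risky

def audit_units(units, passwd_text):
    """List (unit, user, real uid, misread uid) for each User= naming a risky account."""
    risky = risky_accounts(passwd_text)
    findings = []
    for unit, text in sorted(units.items()):
        for line in text.splitlines():
            key, sep, value = (part.strip() for part in line.partition("="))
            if sep and key == "User" and value in risky:
                findings.append((unit, value, *risky[value]))
    return findings

if __name__ == "__main__":
    for finding in audit_units(SAMPLE_UNITS, SAMPLE_PASSWD):
        print("unit %s: User=%s has uid %d but reads as uid %d" % finding)
```

An account named 1000 with UID 1000 is not reported, because the name and the UID agree.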

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
