systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. `0day`), so the service in question runs with root privileges rather than as the intended user.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Systemd | Systemd_project | 229 (including) | 234 (excluding) |
Systemd | Ubuntu | esm-infra/xenial | * |
Systemd | Ubuntu | upstream | * |
Systemd | Ubuntu | vivid/ubuntu-core | * |
Systemd | Ubuntu | xenial | * |
Systemd | Ubuntu | yakkety | * |
Systemd | Ubuntu | zesty | * |
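
A defensive check for the parsing flaw described at the top of this entry, as an added example that is not part of the original advisory or of systemd's code: it lists `User=` assignments in `[Service]` sections whose value starts with a digit, and tests the first line of `systemctl --version` output against the table's 229 (including) to 234 (excluding) range. The sample units, the sample version string and all function names are constructed for illustration, and all-digit values are assumed to be numeric UIDs and are skipped.

```python
import re

# Constructed sample input, not taken from the advisory.
SAMPLE_VERSION_OUTPUT = "systemd 229\n+PAM +AUDIT +SELINUX"
SAMPLE_UNITS = {
    "web.service": "[Unit]\nDescription=web\n[Service]\nUser=www-data\nExecStart=/usr/bin/web\n",
    "uid.service": "[Service]\nUser=1000\nExecStart=/usr/bin/job\n",
    "zero.service": "[Service]\n# run unprivileged\nUser=0day\nExecStart=/usr/bin/zero\n",
    "install.service": "[Install]\nUser=9lives\n[Service]\nExecStart=/bin/true\n",
}

def version_in_range(version_output):
    """True if the first line reports a version in the table's 229 <= v < 234 range."""
    m = re.match(r"systemd (\d+)", version_output)
    return bool(m) and 229 <= int(m.group(1)) < 234

def service_users(unit_text):
    """Yield (line_number, value) for each User= assignment inside [Service]."""
    section = None
    for number, raw in enumerate(unit_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if section == "Service" and sep and key.strip() == "User":
            yield number, value.strip()

def digit_leading(user):
    """Name starts with a digit but is not an all-digit value (assumed numeric UID)."""
    return bool(user) and user[0].isdigit() and not user.isdigit()

def audit(units):
    """Return sorted (unit, line, user) findings across a {name: text} mapping."""
    return sorted((name, number, user)
                  for name, text in units.items()
                  for number, user in service_users(text)
                  if digit_leading(user))

if __name__ == "__main__":
    if version_in_range(SAMPLE_VERSION_OUTPUT):
        for name, number, user in audit(SAMPLE_UNITS):
            print(f"{name}:{number}: User={user} starts with a digit")
```

On a real host the mapping would be built from the unit files and drop-ins under the systemd unit directories; a finding is worth fixing regardless of version, since the configured account name is one the advisory says is mishandled.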