systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
Weakness
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Systemd | Systemd_project | * | 245 (including) |
| Red Hat Enterprise Linux 8 | RedHat | systemd-0:239-45.el8 | * |
| Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | systemd-0:239-31.el8_2.7 | * |
| Systemd | Ubuntu | bionic | * |
| Systemd | Ubuntu | eoan | * |
| Systemd | Ubuntu | esm-infra-legacy/trusty | * |
| Systemd | Ubuntu | esm-infra/bionic | * |
| Systemd | Ubuntu | esm-infra/focal | * |
| Systemd | Ubuntu | esm-infra/xenial | * |
| Systemd | Ubuntu | focal | * |
| Systemd | Ubuntu | trusty | * |
| Systemd | Ubuntu | trusty/esm | * |
| Systemd | Ubuntu | upstream | * |
| Systemd | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/122.html
- https://cwe.mitre.org/data/definitions/233.html
- https://cwe.mitre.org/data/definitions/58.html
References
- https://github.com/systemd/systemd/issues/15985
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/
- https://security.netapp.com/advisory/ntap-20200611-0003/
- https://github.com/systemd/systemd/issues/15985
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/
- https://security.netapp.com/advisory/ntap-20200611-0003/