CVE-2020-13776

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
systemd_projectsystemd
𝑥
≤ 245
netappactive_iq_unified_manager
-
netappsolidfire_\&_hci_management_node
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
systemd
bookworm
252.30-1~deb12u2
fixed
bullseye
247.3-7+deb11u5
fixed
bullseye (security)
247.3-7+deb11u6
fixed
buster
not-affected
sid
256.7-3
fixed
trixie
256.7-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
systemd
bionic
ignored
eoan
ignored
focal
ignored
trusty
ignored
xenial
ignored
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
systemd
RHEL 8
0:239-45.el8
fixed
RHEL 8.2 AUS
0:239-31.el8_2.7
fixed
RHEL 8.2 E4S
0:239-31.el8_2.7
fixed
RHEL 8.2 EUS
0:239-31.el8_2.7
fixed
RHEL 8.2 TUS
0:239-31.el8_2.7
fixed
systemd-container
RHEL 8
0:239-45.el8
fixed
RHEL 8.2 AUS
0:239-31.el8_2.7
fixed
RHEL 8.2 E4S
0:239-31.el8_2.7
fixed
RHEL 8.2 EUS
0:239-31.el8_2.7
fixed
RHEL 8.2 TUS
0:239-31.el8_2.7
fixed
systemd-devel
RHEL 8
0:239-45.el8
fixed
RHEL 8.2 AUS
0:239-31.el8_2.7
fixed
RHEL 8.2 E4S
0:239-31.el8_2.7
fixed
RHEL 8.2 EUS
0:239-31.el8_2.7
fixed
RHEL 8.2 TUS
0:239-31.el8_2.7
fixed
systemd-journal-remote
RHEL 8
0:239-45.el8
fixed
RHEL 8.2 AUS
0:239-31.el8_2.7
fixed
RHEL 8.2 E4S
0:239-31.el8_2.7
fixed
RHEL 8.2 EUS
0:239-31.el8_2.7
fixed
RHEL 8.2 TUS
0:239-31.el8_2.7
fixed
systemd-libs
RHEL 8
0:239-45.el8
fixed
RHEL 8.2 AUS
0:239-31.el8_2.7
fixed
RHEL 8.2 E4S
0:239-31.el8_2.7
fixed
RHEL 8.2 EUS
0:239-31.el8_2.7
fixed
RHEL 8.2 TUS
0:239-31.el8_2.7
fixed
systemd-pam
RHEL 8
0:239-45.el8
fixed
RHEL 8.2 AUS
0:239-31.el8_2.7
fixed
RHEL 8.2 E4S
0:239-31.el8_2.7
fixed
RHEL 8.2 EUS
0:239-31.el8_2.7
fixed
RHEL 8.2 TUS
0:239-31.el8_2.7
fixed
systemd-tests
RHEL 8
0:239-45.el8
fixed
RHEL 8.2 AUS
0:239-31.el8_2.7
fixed
RHEL 8.2 E4S
0:239-31.el8_2.7
fixed
RHEL 8.2 EUS
0:239-31.el8_2.7
fixed
RHEL 8.2 TUS
0:239-31.el8_2.7
fixed
systemd-udev
RHEL 8
0:239-45.el8
fixed
RHEL 8.2 AUS
0:239-31.el8_2.7
fixed
RHEL 8.2 E4S
0:239-31.el8_2.7
fixed
RHEL 8.2 EUS
0:239-31.el8_2.7
fixed
RHEL 8.2 TUS
0:239-31.el8_2.7
fixed
Common Weakness Enumeration
References
https://github.com/systemd/systemd/issues/15985
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/
https://security.netapp.com/advisory/ntap-20200611-0003/
https://github.com/systemd/systemd/issues/15985
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/
https://security.netapp.com/advisory/ntap-20200611-0003/