CVE-2017-1000082

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
References
Link Resource
http://www.openwall.com/lists/oss-security/2017/07/02/1 Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/99507 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038839 Third Party Advisory VDB Entry
https://github.com/systemd/systemd/issues/6237 Issue Tracking Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*

History

31 Jan 2022, 18:22

Type Values Removed Values Added
References (BID) http://www.securityfocus.com/bid/99507 - (BID) http://www.securityfocus.com/bid/99507 - Third Party Advisory, VDB Entry
References (SECTRACK) http://www.securitytracker.com/id/1038839 - (SECTRACK) http://www.securitytracker.com/id/1038839 - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:freedesktop:systemd:*:*:*:*:*:*:*:* cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
CWE CWE-20 CWE-269

Information

Published : 2017-07-07 17:29

Updated : 2024-10-11 16:41


NVD link : CVE-2017-1000082

Mitre link : CVE-2017-1000082

CVE.ORG link : CVE-2017-1000082


JSON object : View

Products Affected

systemd_project

  • systemd
CWE
CWE-269

Improper Privilege Management