CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

CVSS3: 9.8 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

EPSS: 0.007 Low, percentile 80.7%

systemd through v245 mishandles numerical usernames such as ones composed
of decimal digits or 0x followed by hex digits, as demonstrated by use of
root privileges when privileges of the 0x0 user account were intended.
NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
Author | Note |
---|---|
mdeslaur | The administrator would have to create a systemd service unit with a numerical username or a username starting with 0x as a User= value, and that particular userid would need to exist on the system. Setting priority to low due to this unlikely scenario. Fixing this requires an extensive backport that refactors integer parsing in systemd and the risk of regressions stemming from the behavioural change outweighs the severity of this issue. We will not be fixing this issue in stable Ubuntu releases. |
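
An added example, not part of the advisory or of systemd: a Python audit that flags `User=` values in unit files matching the pattern described above (only decimal digits, or 0x followed by hex digits). The directory list, function names and sample unit are assumptions made for this illustration.

```python
import re
from pathlib import Path

# Names the advisory describes: only decimal digits, or 0x followed by hex digits.
# Accepting an upper-case X as well is a conservative assumption of this example.
NUMERIC_NAME = re.compile(r"(?:[0-9]+|0[xX][0-9A-Fa-f]+)\Z")
USER_LINE = re.compile(r"\s*User\s*=\s*(.*?)\s*\Z")

# Common unit-file locations; adjust for the system being audited (assumption).
DEFAULT_DIRS = ("/etc/systemd/system", "/usr/lib/systemd/system", "/lib/systemd/system")

# Constructed sample unit, not taken from any real system.
SAMPLE_UNIT = """\
[Unit]
Description=constructed example

[Service]
# User=0x0
User=0x0
ExecStart=/usr/bin/true
"""

def risky_user_values(unit_text):
    """Return [(line_number, value)] for User= settings with a numeric-looking name."""
    hits = []
    for number, line in enumerate(unit_text.splitlines(), start=1):
        if line.lstrip().startswith(("#", ";")):  # unit-file comment line
            continue
        match = USER_LINE.match(line)
        if match and NUMERIC_NAME.match(match.group(1)):
            hits.append((number, match.group(1)))
    return hits

def scan_unit_dirs(dirs=DEFAULT_DIRS):
    """Scan *.service files and *.conf drop-ins; return [(path, line_number, value)]."""
    findings = []
    for base in sorted({Path(d).resolve() for d in dirs}):  # resolve() merges symlinked dirs
        for path in sorted(base.rglob("*")) if base.is_dir() else []:
            if path.suffix in (".service", ".conf") and path.is_file():
                try:
                    text = path.read_text(errors="replace")
                except OSError:
                    continue  # unreadable file: skip rather than abort the audit
                findings += [(str(path), n, v) for n, v in risky_user_values(text)]
    return findings

if __name__ == "__main__":
    for path, number, value in scan_unit_dirs():
        print(f"{path}:{number}: User={value} is a numeric-looking name")
    print("sample unit:", risky_user_values(SAMPLE_UNIT))
```
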