PT-2017-2827 · Systemd+1
Maplerayo
Published: 2017-07-07 · Updated: 2025-06-27
CVE-2017-1000082
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
systemd versions prior to v233
Description
The issue arises from insufficient input validation in the systemd daemon's username parsing functionality, specifically when encountering usernames that start with a numeric digit. This can lead to a service being run with root privileges instead of the intended user. The problem can potentially be exploited by a remote attacker to gain elevated access.
Recommendations
For versions prior to v233, consider disabling services that use usernames starting with numeric digits until a patch is available. Restrict access to sensitive services to minimize the risk of exploitation. Avoid using usernames that start with numeric digits in the affected systemd versions.
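To find units affected by the last recommendation, the following added example (not code from this advisory or from the systemd project) lists `User=` settings in `[Service]` sections whose value starts with a digit. The search paths, the restriction to `.service` units and their drop-ins, and the sample name `9svc` are assumptions; all-digit values are skipped because `User=` also accepts a numeric UID.

```python
import re
from pathlib import Path

# Assumed unit search paths; adjust for the distribution being audited.
UNIT_DIRS = ("/etc/systemd/system", "/run/systemd/system",
             "/usr/lib/systemd/system", "/lib/systemd/system")
# Constructed sample unit; "9svc" is an invented account name.
SAMPLE = "[Service]\nExecStart=/usr/bin/true\nUser=9svc\n"

def risky_users(unit_text):
    """Return [(line_number, value)] for [Service] User= values that start
    with a digit but are not a plain numeric UID."""
    findings, section = [], None
    for lineno, raw in enumerate(unit_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section != "Service" or not sep or key.strip() != "User":
            continue
        value = value.strip()
        # All-digit values are numeric UIDs, not names, so they are skipped.
        if re.match(r"[0-9]", value) and not re.fullmatch(r"[0-9]+", value):
            findings.append((lineno, value))
    return findings

def scan(dirs=UNIT_DIRS):
    """Check .service units and drop-ins under dirs; return [(path, line, value)]."""
    hits = []
    for base in (Path(d) for d in dirs if Path(d).is_dir()):
        for path in sorted([*base.glob("**/*.service"), *base.glob("**/*.service.d/*.conf")]):
            try:
                text = path.read_text(errors="replace")
            except OSError:
                continue                  # dangling symlink or unreadable file
            hits += [(str(path), n, v) for n, v in risky_users(text)]
    return hits

if __name__ == "__main__":
    print("sample:", risky_users(SAMPLE))
    for path, lineno, value in scan():
        print(f"{path}:{lineno}: User={value} starts with a digit")
```

Every matching line is reported, including one that a later `User=` assignment or drop-in overrides, so review each hit against the unit's effective configuration.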
Fix
Improper Privilege Management
RCE
Related Identifiers
Affected Products
Alt Linux
Systemd