PT-2020-5317 · Linux+4 · Systemd+4

Published: 2020-03-24 · Updated: 2022-02-26 · CVE-2020-13776

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: systemd versions prior to v245

Description: The issue is related to a lack of input validation in the Linux systemd initialization and service management subsystem. This can be exploited by an attacker to gain access to confidential data, compromise data integrity, and cause a denial of service. The problem arises from the mishandling of numerical usernames, such as those composed of decimal digits or 0x followed by hex digits. For example, this can lead to the use of root privileges when the privileges of the 0x0 user account were intended.

Recommendations: For versions prior to v245, update to version v245 or later to resolve the issue. As a temporary workaround, consider restricting the use of numerical usernames to minimize the risk of exploitation.
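
To support the workaround above, the following added example (not part of the advisory and not systemd code) finds accounts whose names consist of decimal digits or 0x followed by hex digits, and unit `User=` settings that name such an account when its real UID differs from the numeric reading of the name. The function names and the sample passwd and unit contents are constructed for illustration.

```python
import re

# Names the advisory calls out: only decimal digits, or 0x followed by hex digits.
NUMERIC_NAME = re.compile(r"^(?:[0-9]+|0[xX][0-9a-fA-F]+)$")

def numeric_value(name):
    """Return the integer a numeric-looking name could be read as, else None."""
    if not NUMERIC_NAME.match(name):
        return None
    return int(name, 16) if name[:2].lower() == "0x" else int(name, 10)

def audit_passwd(passwd_text):
    """Return (name, real_uid, uid_if_read_as_number) for numeric-looking accounts."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 3 or not fields[2].isdigit():
            continue
        value = numeric_value(fields[0])
        if value is not None:
            findings.append((fields[0], int(fields[2]), value))
    return findings

def audit_unit(unit_text, passwd_text):
    """Return (name, real_uid, uid_if_read_as_number) for User= settings that
    name a numeric-looking account whose real UID differs from its numeric reading."""
    risky = {n: (n, uid, val) for n, uid, val in audit_passwd(passwd_text) if uid != val}
    hits = []
    for line in unit_text.splitlines():
        m = re.match(r"^\s*User\s*=\s*(\S+)\s*$", line)
        if m and m.group(1) in risky:
            hits.append(risky[m.group(1)])
    return hits

# Constructed sample data (not taken from a real host).
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
0x0:x:1001:1001::/home/0x0:/bin/sh
2020:x:2020:2020::/home/2020:/bin/sh
alice:x:1003:1003::/home/alice:/bin/bash
"""
SAMPLE_UNIT = """[Service]
ExecStart=/usr/local/bin/worker
User=0x0
"""

if __name__ == "__main__":
    for name, uid, val in audit_passwd(SAMPLE_PASSWD):
        print(f"account {name!r}: real UID {uid}, reads as UID {val} as a number")
    for name, uid, val in audit_unit(SAMPLE_UNIT, SAMPLE_PASSWD):
        print(f"unit runs as {name!r}: intended UID {uid}, numeric reading is UID {val}")
```

On a real host, pass the text of `/etc/passwd` and of each unit file in place of the sample strings.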

Fix

RCE

Improper Privilege Management


Weakness Enumeration

Related Identifiers

ALT-PU-2020-1560
ALT-PU-2020-2947
ALT-PU-2020-2948
ALT-PU-2021-1673
ALT-PU-2021-1950
BDU:2021-00092
CESA-2021_1611
CVE-2020-13776
MGASA-2021-0304
OESA-2022-1538
RHSA-2021:1611
RHSA-2021:3900
RHSA-2021_1611
RLSA-2021:1611

Affected Products

Alt Linux
CentOS
Red Hat
Rocky Linux
Systemd