Описание
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| systemd | fixed | 234-1 | package | |
| systemd | not-affected | jessie | package | |
| systemd | not-affected | wheezy | package |
Примечания
https://github.com/systemd/systemd/issues/6237
Fixed by: https://github.com/systemd/systemd/commit/bb28e68477a3a39796e4999a6cbc6ac6345a9159
https://www.openwall.com/lists/oss-security/2017/07/02/1
EPSS
Связанные уязвимости
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
Уязвимость службы анализирования имен пользователей демона Systemd, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю запустить службу с root-привилегиями
EPSS