Описание
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 234-2ubuntu12.1 |
| devel | not-affected | 235-3ubuntu3 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/xenial | ignored | |
| precise/esm | DNE | |
| trusty | not-affected | code not present |
| trusty/esm | not-affected | code not present |
| upstream | released | 234-1 |
| vivid/ubuntu-core | ignored | end of life |
| xenial | ignored |
Показывать по
EPSS
10 Critical
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
systemd v233 and earlier fails to safely parse usernames starting with ...
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
Уязвимость службы анализирования имен пользователей демона Systemd, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю запустить службу с root-привилегиями
EPSS
10 Critical
CVSS2
9.8 Critical
CVSS3