Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2020-13776
HistoryJun 03, 2020 - 12:00 a.m.

CVE-2020-13776

2020-06-0300:00:00
ubuntu.com
ubuntu.com
11

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

11.7%

JSON

systemd through v245 mishandles numerical usernames such as ones composed
of decimal digits or 0x followed by hex digits, as demonstrated by use of
root privileges when privileges of the 0x0 user account were intended.
NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.

Bugs

Notes

Author Note
mdeslaur The administrator would have to create a systemd service unit with a numerical username or a username starting with 0x as a User= value, and that particular userid would need to exist on the system. Setting priority to low due to this unlikely scenario. Fixing this requires an extensive backport that refactors integer parsing in systemd and the risk of regressions stemming from the behavioural change outweighs the severity of this issue. We will not be fixing this issue in stable Ubuntu releases.

Related

osv 3
openvas 8
nessus 18
veracode 1
prion 2
cve 2
f5 1
debiancve 2
broadcom 1
ubuntucve 1
redhatcve 2
altlinux 1
fedora 1
mageia 1
cbl_mariner 1
rocky 1
oraclelinux 1
redhat 12
almalinux 1
photon 6
amazon 1
kitploit 1
rosalinux 1
ibm 2
ics 1
osv
osv
CVE-2020-13776
2020-06-03 03:15:10
CVE-2017-1000082
2017-07-07 17:29:00
Moderate: systemd security, bug fix, and enhancement update
2021-05-18 05:39:12
openvas
openvas
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2021-1258)
2021-02-05 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2021-1534)
2021-03-05 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2021-1174)
2021-02-02 00:00:00
nessus
nessus
EulerOS Virtualization for ARM 64 3.0.6.0 : systemd (EulerOS-SA-2021-1534)
2021-03-04 00:00:00
EulerOS 2.0 SP9 : systemd (EulerOS-SA-2021-1277)
2021-02-05 00:00:00
EulerOS 2.0 SP9 : systemd (EulerOS-SA-2021-1258)
2021-02-05 00:00:00
veracode
veracode
Privilege Escalation
2020-06-04 05:32:51
prion
prion
Buffer overflow
2020-06-03 03:15:00
Design/Logic Flaw
2017-07-07 17:29:00
cve
cve
CVE-2020-13776
2020-06-03 03:15:00
CVE-2017-1000082
2017-07-07 17:29:00
f5
f5
K04572666 : systemd vulnerability CVE-2020-13776
2020-07-02 00:00:00
debiancve
debiancve
CVE-2020-13776
2020-06-03 03:15:00
CVE-2017-1000082
2017-07-07 17:29:00
broadcom
broadcom
A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or "0x" followed by hexadecimal digits.(CVE-2020-13776)
2023-11-07 00:00:00
ubuntucve
ubuntucve
CVE-2017-1000082
2017-07-07 00:00:00
redhatcve
redhatcve
CVE-2017-1000082
2017-07-07 04:48:35
CVE-2020-13776
2020-06-09 13:24:53
altlinux
altlinux
Security fix for the ALT Linux 9 package systemd version 1:243.9-alt1
2020-10-06 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: systemd-245.7-1.fc32
2020-07-30 18:57:56
mageia
mageia
Updated systemd packages fix a security vulnerability
2021-07-01 02:58:41
cbl_mariner
cbl_mariner
CVE-2020-13776 affecting package systemd 239-44
2020-11-30 19:30:44
rocky
rocky
systemd security, bug fix, and enhancement update
2021-05-18 05:39:12
oraclelinux
oraclelinux
systemd security, bug fix, and enhancement update
2021-05-25 00:00:00
redhat
redhat
(RHSA-2021:3900) Moderate: systemd security update
2021-10-19 06:25:55
(RHSA-2021:1611) Moderate: systemd security, bug fix, and enhancement update
2021-05-18 05:39:12
(RHSA-2021:4582) Moderate: Release of components for Service Telemetry Framework 1.3.3 - Container Images
2021-11-10 07:54:39
almalinux
almalinux
Moderate: systemd security, bug fix, and enhancement update
2021-05-18 05:39:12
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0252
2020-06-10 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0252
2020-06-10 00:00:00
Important Photon OS Security Update - PHSA-2020-0103
2020-06-12 00:00:00
amazon
amazon
Important: systemd
2022-09-30 07:04:00
kitploit
kitploit
Master_Librarian - A Simple Tool To Audit Unix/*BSD/Linux System Libraries To Find Public Security Vulnerabilities
2022-03-09 20:30:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1982
2021-07-02 18:13:58
ibm
ibm
Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
2021-12-03 18:52:37
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs
2021-10-19 15:38:04
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

11.7%

JSON
Related for UB:CVE-2020-13776
osv3openvas8nessus18veracode1prion2cve2f51debiancve2broadcom1ubuntucve1redhatcve2altlinux1fedora1mageia1cbl_mariner1rocky1oraclelinux1redhat12almalinux1photon6amazon1kitploit1rosalinux1ibm2ics1