{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-30T20:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/systemd/systemd/issues/15985"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200611-0003/"}, {"name": "FEDORA-2020-2faf839786", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13776", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/systemd/systemd/issues/15985", "refsource": "MISC", "url": "https://github.com/systemd/systemd/issues/15985"}, {"name": "https://security.netapp.com/advisory/ntap-20200611-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200611-0003/"}, {"name": "FEDORA-2020-2faf839786", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:25:16.521Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/systemd/systemd/issues/15985"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200611-0003/"}, {"name": "FEDORA-2020-2faf839786", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13776", "datePublished": "2020-06-03T02:05:22", "dateReserved": "2020-06-03T00:00:00", "dateUpdated": "2024-08-04T12:25:16.521Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", "matchCriteriaId": "10761C00-6450-4377-8DFC-16AE46BE54BB", "versionEndIncluding": "245", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082."}, {"lang": "es", "value": "systemd versiones hasta v245 maneja inapropiadamente los nombres de usuario num\u00e9ricos, tales como los compuestos por d\u00edgitos decimales o 0x seguidos de d\u00edgitos hexadecimales, como es demostrado por el uso de privilegios root cuando era previsto privilegios de la cuenta de usuario 0x0. NOTA: este problema se presenta debido a una correcci\u00f3n incompleta para CVE-2017-1000082."}], "id": "CVE-2020-13776", "lastModified": "2023-11-07T03:16:58.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-03T03:15:10.677", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/systemd/systemd/issues/15985"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200611-0003/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:1611", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "systemd-0:239-45.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:3900", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "systemd-0:239-31.el8_2.7", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-10-19T00:00:00Z"}], "bugzilla": {"description": "systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits", "id": "1845534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845534"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-440", "details": ["systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.", "A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or \"0x\" followed by hexadecimal digits. When the usernames are used by systemd, for example in service units, an unexpected user may be used instead. In some particular configurations, this flaw allows local attackers to elevate their privileges."], "mitigation": {"lang": "en:us", "value": "Do not use `User=` directive in services with numerical usernames composed by decimal digits or starting with \"0x\" followed by hexadecimal digits (e.g. 0x[0-9A-Fa-f]+)."}, "name": "CVE-2020-13776", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2020-05-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-13776\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13776"], "statement": "The flaw is rated as Moderate because several uncommon conditions have to be met to make it exploitable. Numerical usernames with decimal digits or starting with \"0x\" followed by hexadecimal digits must exist on the system. Systemd would need to process those particular usernames (e.g. while using the `User=` directive in a systemd service unit). If the service was supposed to run as a regular user and the binary being executed can be controlled by a local attacker, he could abuse this flaw to unexpectedly execute code as a root when the service is started. If the service was run as a regular user to limit the impact of a possible flaw in the service, this flaw would not provide the intended additional protection.", "threat_severity": "Moderate"}