Vulnerability Description
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systemd Project | Systemd | <= 245 |
| Netapp | Active Iq Unified Manager | - |
| Netapp | Solidfire & Hci Management Node | - |
| Fedoraproject | Fedora | 32 |
Related Weaknesses (CWE)
References
- https://github.com/systemd/systemd/issues/15985 (Issue Tracking, Patch, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.netapp.com/advisory/ntap-20200611-0003/ (Third Party Advisory)
FAQ
What is CVE-2020-13776?
CVE-2020-13776 is a vulnerability with a CVSS score of 6.7 (MEDIUM). systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user acco...
How severe is CVE-2020-13776?
CVE-2020-13776 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-13776?
Check the references section above for vendor advisories and patch information. Affected products include: Systemd Project Systemd, Netapp Active Iq Unified Manager, Netapp Solidfire & Hci Management Node, Fedoraproject Fedora.