Input validation error in systemd - CVE-2020-13776

 

Input validation error in systemd - CVE-2020-13776

Published: July 6, 2020 / Updated: July 27, 2020


Vulnerability identifier: #VU29539
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear
CVE-ID: CVE-2020-13776
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Freedesktop.org
Affected software:
systemd

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to systemd mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended.


How to mitigate CVE-2020-13776

Install update from vendor's website.

Sources