CVE-2017-1000082 Detail Modified This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided. Current Description systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.

View Analysis Description Analysis Description systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended. Severity CVSS Version 3.x CVSS Version 2.0



CVSS 3.x Severity and Metrics:

NIST: NVD Base Score: 9.8 CRITICAL Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS 2.0 Severity and Metrics:



NIST: NVD Base Score: 10.0 HIGH Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) Weakness Enumeration CWE-ID CWE Name Source CWE-20 Improper Input Validation NIST Known Affected Software Configurations Switch to CPE 2.2 CPEs loading, please wait. Denotes Vulnerable Software

Are we missing a CPE here? Please let us know.

Change History 3 change records found show changes CVE Modified by MITRE 7/22/2017 9:29:01 PM Action Type Old Value New Value Added Reference http://www.securitytracker.com/id/1038839 [No Types Assigned]



CVE Modified by MITRE 7/12/2017 9:29:01 PM Action Type Old Value New Value Added Reference http://www.securityfocus.com/bid/99507 [No Types Assigned]



Initial Analysis 7/12/2017 10:26:56 AM Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:freedesktop:systemd:233:*:*:*:*:*:*:* (and previous)



Added CVSS V2 (AV:N/AC:L/Au:N/C:C/I:C/A:C)



Added CVSS V3 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H



Added CWE CWE-20



Changed Reference Type http://www.openwall.com/lists/oss-security/2017/07/02/1 No Types Assigned



http://www.openwall.com/lists/oss-security/2017/07/02/1 Mailing List, Patch, Third Party Advisory



Changed Reference Type https://github.com/systemd/systemd/issues/6237 No Types Assigned



https://github.com/systemd/systemd/issues/6237 Issue Tracking, Patch, Third Party Advisory



Quick Info CVE Dictionary Entry:

CVE-2017-1000082

NVD Published Date:

07/07/2017

NVD Last Modified:

07/22/2017

Source:

MITRE

