CVE-2017-1000082

Critical

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with…

mitre·CWE-269·Published 2017-07-07

CVSS

9.8

EPSS

0.04

KEV

Exploits

cve.orgen

185 chars

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.

NVDen

185 chars

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.

systemd versión v233 y anteriores, no pueden analizar de forma segura los nombres de usuario que comienzan con un dígito numérico (por ejemplo, ""0day""), ejecutando el servicio en cuestión con privilegios root en lugar de lo que el usuario desea.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	10.0	10.0	10.0	AV:N/AC:L/Au:N/C:C/I:C/A:C
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H