Candidate: CVE-2020-13776
PublicDate: 2020-06-03 03:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13776
Description:
 systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
Ubuntu-Description:
Notes:
 mdeslaur> The administrator would have to create a systemd service unit
 mdeslaur> with a numerical username or a username starting with 0x as a
 mdeslaur> User= value, and that particular userid would need to exist on
 mdeslaur> the system. Setting priority to low due to this unlikely
 mdeslaur> scenario.
 mdeslaur>
 mdeslaur> Fixing this requires an extensive backport that refactors
 mdeslaur> integer parsing in systemd and the risk of regressions stemming
 mdeslaur> from the behavioural change outweighs the severity of this
 mdeslaur> issue. We will not be fixing this issue in stable Ubuntu
 mdeslaur> releases.
Mitigation:
 mdeslaur> Do not create systemd service units with a User= value set to
 mdeslaur> a numerical username or a username that starts with 0x
Bugs:
 https://github.com/systemd/systemd/issues/15985
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H [6.7 MEDIUM]

Patches_systemd:
 upstream: https://github.com/systemd/systemd/commit/156a5fd297b61bce31630d7a52c15614bf784843
 upstream: https://github.com/systemd/systemd/commit/6495ceddf38aed2c9efdcf9d3440140190800b55
upstream_systemd: released (246-2)
precise/esm_systemd: DNE
trusty_systemd: ignored (out of standard support)
trusty/esm_systemd: ignored
xenial_systemd: ignored
esm-infra/xenial_systemd: ignored
bionic_systemd: ignored
eoan_systemd: ignored (reached end-of-life)
focal_systemd: ignored
devel_systemd: not-affected (246.6-1ubuntu1)
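An added audit script (not part of the tracker entry or of systemd) that checks the Mitigation above on unit-file text: it flags any User= value that is all decimal digits or starts with 0x, which is the class of name the affected systemd versions could treat as a UID. The unit contents and file names below are constructed sample input.

```python
import re

# Key/value line of a systemd unit; only User= matters for this issue.
USER_LINE = re.compile(r"^User\s*=\s*(.*)$")

def is_numeric_username(name: str) -> bool:
    """True if the name matches the shapes named in the mitigation:
    composed entirely of decimal digits, or starting with '0x'."""
    if not name:
        return False
    if all(c in "0123456789" for c in name):
        return True
    return name.startswith("0x")

def audit_unit_text(text: str):
    """Return [(line_no, value)] for User= settings with a numeric-looking name.
    Comment lines ('#' or ';') are skipped, as systemd ignores them."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        m = USER_LINE.match(line)
        if m and is_numeric_username(m.group(1).strip()):
            findings.append((line_no, m.group(1).strip()))
    return findings

def audit_units(units: dict) -> dict:
    """Audit a mapping of unit file name -> unit file text."""
    return {name: audit_unit_text(text) for name, text in units.items()}

# Constructed sample units (hypothetical file names and contents).
SAMPLE_UNITS = {
    "safe.service": "[Unit]\nDescription=ok\n\n[Service]\nUser=www-data\nExecStart=/bin/true\n",
    "hex.service": "[Service]\n# constructed example\nUser=0x0\nExecStart=/bin/true\n",
    "decimal.service": "[Service]\nUser=1000\nExecStart=/bin/true\n",
}

if __name__ == "__main__":
    for unit, hits in audit_units(SAMPLE_UNITS).items():
        for line_no, value in hits:
            print(f"{unit}:{line_no}: User={value} is a numeric-looking username")
```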