9140 – (CVE-2017-1000082) Systemd fails to parse usernames that start with digits.

Bug 9140 (CVE-2017-1000082) - Systemd fails to parse usernames that start with digits.

Summary: Systemd fails to parse usernames that start with digits.

Status:	RESOLVED FIXED

Alias:	CVE-2017-1000082

Product:	ROSA Fresh
Classification:	ROSA-based products
Component:	System (kernel, glibc, systemd, bash, PAM...) (show other bugs)
Version:	Plasma5
Hardware:	All Linux

Importance:	Normal normal
Target Milestone:	---
Assignee:	ROSA Linux Bugs
QA Contact:	ROSA Linux Bugs

URL:	http://wiki.rosalab.ru/ru/index.php/R...
Whiteboard:

Depends on:
Blocks:

Reported:	2018-06-27 14:05 MSK by Ivan
Modified:	2021-11-03 16:17 MSK (History)
CC List:	2 users (show)

See Also:	https://github.com/systemd/systemd/issues/6237
Platform:	---
ROSA Vulnerability identifier:	ROSA-SA-18-06-27.001
RPM Package:	systemd-230-8-rosa2016.1
ISO-related:
Bad POT generating:
Upstream:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ivan 2018-06-27 14:05:35 MSK

Ssystemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.

Comment 1 Mikhail Novosyolov 2021-11-03 16:17:23 MSK

It was fixed by an update of systemd a long time ago.