systemd Username Validation Flaw Lets Local Users Start Services With Higher Privileges Than Expected
|
SecurityTracker Alert ID: 1038839 |
SecurityTracker URL: http://securitytracker.com/id/1038839
|
CVE Reference:
CVE-2017-1000082
(Links to External Site)
|
Date: Jul 7 2017
|
Impact:
Modification of system information
|
Vendor Confirmed: Yes Exploit Included: Yes
|
|
Description:
A vulnerability was reported in systemd. A local user can cause a service to run with higher privileges than expected.
A non-privileged user with a specially crafted username (that begins with a numeric character) can start a service with root privileges.
[Editor's note: A username beginning with a digit is ostensibly not permitted on some Linux-based systems.]
mapleray reported this vulnerability.
|
Impact:
A local user can cause a service to run with higher privileges than expected.
|
Solution:
No solution was available at the time of this entry.
|
Cause:
Access control error, Input validation error
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|