oss-sec mailing list archives

Re: systemd fails to parse user that should run service


From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 6 Jul 2017 15:49:39 -0600

On Sun, Jul 2, 2017 at 3:08 AM, Daniel Skowroński <daniel () dsinf net> wrote:

Hi all,

Just wanted to bring attention to an issue with systemd not doing what is
expected when parsing the User that should run a service.
When it fails to parse a string starting with a digit, it falls back to root,
causing an obvious threat to security.

See discussion with developer on github: https://github.com/systemd/systemd/issues/6237

Best,
-Daniel Skowronski


I've assigned CVE-2017-1000082 for this issue. Lennart is CC'ed.


{"data_version":"4.0",
 "references":{"reference_data":[
   {"url":"https://github.com/systemd/systemd/issues/6237"},
   {"url":"http://www.openwall.com/lists/oss-security/2017/07/02/1"}]},
 "description":{"description_data":[{"lang":"eng",
   "value":"systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. \"0day\"), running the service in question with root privileges rather than the user intended"}]},
 "data_type":"CVE",
 "affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"version":{"version_data":[{"version_value":"v223 and earlier"}]},"product_name":"systemd"}]},"vendor_name":"systemd"}]}},
 "CVE_data_meta":{"DATE_ASSIGNED":"2017-70-06","STATE":"PUBLIC","ID":"CVE-2017-1000082","ASSIGNER":"kurt () seifried org","REQUESTER":"kseifried () redhat com"},
 "data_format":"MITRE",
 "problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20"}]}]}}


-- 

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert () redhat com
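As an added defender-side check (example code written for this archive page, not from the thread or from systemd itself): a Python audit that scans unit files for a User= value beginning with a digit, the case the report describes, so such units can be found before an affected systemd silently runs them as root. The unit file texts are constructed samples; the unit names are invented.

```python
import re
from configparser import ConfigParser

# Constructed sample unit files (not from the original post). The first sets
# User= to a name starting with a digit, which the report says systemd v233
# and earlier fails to parse and falls back to root; the second is fine.
SAMPLE_UNITS = {
    "0day-app.service": """[Unit]
Description=example service

[Service]
ExecStart=/usr/bin/true
User=0day
""",
    "web.service": """[Unit]
Description=other service

[Service]
ExecStart=/usr/bin/true
User=www-data
""",
}

# A User= value whose first character is a digit is the case from the report.
STARTS_WITH_DIGIT = re.compile(r"^[0-9]")

def audit_unit(name, text):
    """Return (unit, key, value) findings for a User= value in the
    [Service] section that begins with a digit."""
    # strict=False tolerates repeated keys such as multiple ExecStart= lines.
    cp = ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case ("User") as written in unit files
    cp.read_string(text)
    if not cp.has_section("Service"):
        return []
    value = cp.get("Service", "User", fallback="").strip()
    if value and STARTS_WITH_DIGIT.match(value):
        return [(name, "User", value)]
    return []

def audit_all(units):
    """Audit a mapping of unit name -> unit file text."""
    findings = []
    for name, text in units.items():
        findings.extend(audit_unit(name, text))
    return findings

if __name__ == "__main__":
    for unit, key, value in audit_all(SAMPLE_UNITS):
        print(f"{unit}: {key}={value!r} starts with a digit; "
              "affected systemd would run this service as root")
```

To audit a live host, read each file under /etc/systemd/system and /usr/lib/systemd/system into the mapping passed to audit_all.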
