发布时间: 2022年2月26日
修改时间: 2024年10月31日
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | High |
| Attack Vector | Local | Local |
| CVSS评分 | 6.7 | 6.7 |
| Attack Complexity | High | High |
| Privileges Required | Low | Low |
| Scope | Unchanged | Unchanged |
| Integrity | High | High |
| User Interaction | Required | Required |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-1050 | systemd security update | 2022年2月26日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | systemd | Fixed |
| KY3.4-5A | systemd | Fixed |
