vulnerability
Amazon Linux AMI 2: CVE-2020-13776: Security patch for systemd (ALAS-2022-1854)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:H/Au:N/C:C/I:C/A:C) | Jun 3, 2020 | Oct 11, 2022 | Oct 11, 2022 |
Severity
6
CVSS
(AV:L/AC:H/Au:N/C:C/I:C/A:C)
Published
Jun 3, 2020
Added
Oct 11, 2022
Modified
Oct 11, 2022
Description
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
Solutions
amazon-linux-ami-2-upgrade-libgudev1amazon-linux-ami-2-upgrade-libgudev1-develamazon-linux-ami-2-upgrade-systemdamazon-linux-ami-2-upgrade-systemd-debuginfoamazon-linux-ami-2-upgrade-systemd-develamazon-linux-ami-2-upgrade-systemd-journal-gatewayamazon-linux-ami-2-upgrade-systemd-libsamazon-linux-ami-2-upgrade-systemd-networkdamazon-linux-ami-2-upgrade-systemd-pythonamazon-linux-ami-2-upgrade-systemd-resolvedamazon-linux-ami-2-upgrade-systemd-sysv
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.