CVE-2020-16126

Published: Nov 11, 2020Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.

Affected (1)

Products: Freedesktop: Accountsservice

1 product

Accountsservice

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Freedesktop Accountsservice	Before 0.6.55

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://securitylab.github.com/advisories/GHSL-2020-187-accountsservice-drop-privs-DOS

Source: security@ubuntu.com

ExploitThird Party Advisory

https://securitylab.github.com/advisories/GHSL-2020-187-accountsservice-drop-privs-DOS

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.