Ubuntu's Gnome desktop could be tricked into giving root access
A vulnerability in GNOME Display Manager could allow a standard user to create accounts with increased privileges, giving a local attacker a path to run code with administrator permissions.
The process involves running a few simple commands in the terminal and modifying general system settings that do not require increased rights.
GitHub security researcher Kevin Backhouse discovered a simple way to trick an already set up Ubuntu system into running the account configuration routine for a new system.
"Ubuntu's patch adds a function named is_in_pam_environment, which looks for a file named .pam_environment in the user's home directory and reads it. The denial of service vulnerability works by making .pam_environment a symlink to /dev/zero. /dev/zero is a special file that doesn't actually exist on disk. It is provided by the operating system and behaves like an infinitely long file in which every byte is zero. When is_in_pam_environment tries to read .pam_environment, it gets redirected to /dev/zero by the symlink, and then gets stuck in an infinite loop because /dev/zero is infinitely long" - Kevin Backhouse, GitHub Security Lab.
Without the AccountsService running, gdm3 has no clue about the accounts present on the machine and provides the option to create a new one with root privileges, as in the case of a first-time setup.
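
The C example below is added here and is not Ubuntu's or accountsservice's code: it shows a defensive way to read .pam_environment so that the /dev/zero symlink described in the quote is refused instead of being read forever. The helper name read_pam_environment_bounded and the 64 KiB PAM_ENV_MAX limit are assumptions, and the ELOOP result from O_NOFOLLOW is the Linux behaviour.

```c
#define _GNU_SOURCE            /* exposes O_NOFOLLOW and O_CLOEXEC on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define PAM_ENV_MAX 65536      /* assumed cap; real files are far smaller */

/* Hypothetical helper (not accountsservice code): read
 * <home>/.pam_environment into buf. Returns bytes read, or -1 with errno. */
ssize_t read_pam_environment_bounded(const char *home, char *buf, size_t cap)
{
    char path[4096];
    struct stat st;
    size_t total = 0;
    int fd, n;

    n = snprintf(path, sizeof path, "%s/.pam_environment", home);
    if (n < 0 || (size_t)n >= sizeof path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* O_NOFOLLOW: a symlink such as one to /dev/zero fails with ELOOP.
     * O_NONBLOCK: a FIFO planted at this path cannot stall open(). */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Inspect the opened descriptor, not the path, so the check cannot
     * be raced. Only a regular file of sane size is accepted. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_size > PAM_ENV_MAX) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    /* Bounded loop: stops at cap even if the file grows while being read. */
    while (total < cap) {
        ssize_t r = read(fd, buf + total, cap - total);
        if (r == 0)
            break;                       /* end of file */
        if (r > 0)
            total += (size_t)r;
        else if (errno != EINTR) {       /* real read error */
            close(fd);
            return -1;
        }
    }
    close(fd);
    return (ssize_t)total;
}
```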