
Attackers can get root by crashing Ubuntu’s AccountsService
2021-12-13 17:05

A local privilege escalation security vulnerability could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME's AccountsService component.

The security flaw was accidentally spotted by GitHub security researcher Kevin Backhouse while testing an exploit demo for another AccountsService bug that also made it possible to escalate privileges to root on vulnerable devices.

The bug only affects Ubuntu's fork of AccountsService.

Versions impacted by this vulnerability include Ubuntu 21.10, Ubuntu 21.04, and Ubuntu 20.04 LTS. This privilege escalation flaw was fixed by Canonical in November when AccountsService versions 0.6.55-0ubuntu12~20.

The exploit relies on chance, but that doesn't matter: it can be run repeatedly until it succeeds, because the double-free bug allows crashing AccountsService as many times as needed.

"It relies on chance and the fact that I can keep crashing accountsservice until it's successful. But would an attacker care? It gets you a root shell, even if you have to wait a few hours," Backhouse said.


News URL

https://www.bleepingcomputer.com/news/security/attackers-can-get-root-by-crashing-ubuntu-s-accountsservice/