December 9, 2023

A local privilege escalation security vulnerability could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME’s D-Bus service, AccountsService component.

Tracked as CVE-2021-3939 was accidentally spotted by Researcher while testing an exploit demo for another AccountsService bug that also made it possible to escalate privileges to root on vulnerable devices.

Advertisements

AccountsService could be made to crash or run programs as an administrator if it received a specially crafted command. This affects only Ubuntu’s fork of AccountsService. Versions impacted by this vulnerability include Ubuntu 21.10, Ubuntu 21.04, and Ubuntu 20.04 LTS.

This privilege escalation flaw was fixed by Canonical in November when AccountsService versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1 were released.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2

CISA KEV Update Part II – December 2023

December 7, 2023

Atlassian fixes critical RCE vulnerabilities in its products

December 6, 2023

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023

Papercut Privilege Escalation Vulnerability Unearthed

December 5, 2023
%d