May 31, 2023

A local privilege escalation security vulnerability could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME’s D-Bus service, AccountsService component.

Tracked as CVE-2021-3939 was accidentally spotted by Researcher while testing an exploit demo for another AccountsService bug that also made it possible to escalate privileges to root on vulnerable devices.

Advertisements

AccountsService could be made to crash or run programs as an administrator if it received a specially crafted command. This affects only Ubuntu’s fork of AccountsService. Versions impacted by this vulnerability include Ubuntu 21.10, Ubuntu 21.04, and Ubuntu 20.04 LTS.

This privilege escalation flaw was fixed by Canonical in November when AccountsService versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1 were released.

Tags:

Leave a Reply

You may have missed

Mirai Bots Targeting IoT Devices

Mirai Bots Targeting IoT Devices

May 30, 2023
Watering hole attack from Tortoiseshell group

Watering hole attack from Tortoiseshell group

May 29, 2023
New TLD Based Phishing Campaign

New TLD Based Phishing Campaign

May 29, 2023
CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
%d bloggers like this: