Attackers can get root by crashing Ubuntu’s AccountsService
Attackers can get root by crashing Ubuntu’s AccountsService
Police arrests ransomware affiliate behind high-profile attacks
Bugs in billions of WiFi, Bluetooth chips allow password, data theft
Log4j: List of vulnerable products and vendor advisories
Google pushes emergency Chrome update to fix zero-day used in attacks
TinyNuke info-stealing malware is again attacking French users
Phishing campaign uses PowerPoint macros to drop Agent Tesla
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
Attackers can get root by crashing Ubuntu’s AccountsService
A local privilege escalation security vulnerability could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME’s AccountsService component.
AccountsService is a D-Bus service that helps manipulate and query information attached to the user accounts available on a device.
The security flaw (a memory management bug tracked as CVE-2021-3939) was accidentally spotted by GitHub security researcher Kevin Backhouse while testing an exploit demo for another AccountsService bug that also made it possible to escalate privileges to root on vulnerable devices.
“AccountsService could be made to crash or run programs as an administrator if it received a specially crafted command,” an Ubuntu security advisory explains.
Backhouse found that AccountsService incorrectly handled memory during some language setting operations, a flaw that local attackers could abuse to escalate privileges.
The bug only affects Ubuntu’s fork of AccountsService. Versions impacted by this vulnerability include Ubuntu 21.10, Ubuntu 21.04, and Ubuntu 20.04 LTS.
This privilege escalation flaw was fixed by Canonical in November when AccountsService versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1 were released. After applying the updates, you will also need to restart the computer to apply the changes.
As he explains, his CVE-2021-3939 proof of concept exploit is slow (could that several hours) and will not work every time. However, it doesn’t matter since it can be executed until successful, seeing that the double-free bug allows crashing AccountsService as many times as needed.
The only restriction to successfully exploiting this bug is that the AccountsService crashes are rate-limited by systemd, blocking attempts to restart it more than five times every 10 seconds.
PoC video for Ubuntu accountsservice CVE-2021-3939. It’s not quick, but it gets you a root shell eventually.
“It relies on chance and the fact that I can keep crashing accountsservice until it’s successful. But would an attacker care? It gets you a root shell, even if you have to wait a few hours,” Backhouse said.
“To me, it feels like magic that it’s even possible to exploit such a small bug, especially considering all the mitigations that have been added to make memory corruption vulnerabilities harder to exploit. Sometimes, all it takes to get root is a little wishful thinking!”
Further details on how the vulnerability was found and the exploit developed are available in Backhouse’s CVE-2021-3939 writeup.
Earlier this year, the researcher found an authentication bypass vulnerability in the polkit Linux system service that enabled unprivileged attackers to get a root shell on most modern distros.
New Windows 10 zero-day gives admin rights, gets unofficial patch
Zero-day bug in all Windows versions gets free unofficial patch
Canonical launches Ubuntu 21.10 for desktop and server
Kali Linux 2021.4 released with 9 new tools, further Apple M1 support
Windows ‘InstallerFileTakeOver’ zero-day bug gets free micropatch
Not a member yet? Register Now
Hackers start pushing malware in worldwide Log4Shell attacks
Kronos ransomware attack may cause weeks of HR solutions downtime
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

Microsoft Exchange servers hacked in internal reply-chain attacks

Microsoft: Office 365 will boost default protection for all usersMicrosoft increases Windows…

US defense contractor Electronic Warfare hit by data breach

Ukraine links members of Gamaredon hacker group to Russian FSBSamsung Galaxy S21…

The new Microsoft Store is now rolling out to Windows 10 PCs

AMD fixes dozens of Windows 10 graphics driver security bugsVoid Balaur hackers-for-hire…

New Windows 10 zero-day gives admin rights, gets unofficial patch

Hackers exploit Microsoft MSHTML bug to steal Google, Instagram credsApple sues spyware-maker…