viralamo


Ubuntu fixes bugs that standard users could use to become root

11/11/2020


Ubuntu developers have fixed a series of vulnerabilities that made it easy for standard users to gain coveted root privileges.

“This blog post is about an astonishingly straightforward way to escalate privileges on Ubuntu,” Kevin Backhouse, a researcher at GitHub, wrote in a post published on Tuesday. “With a few simple commands in the terminal, and a few mouse clicks, a standard user can create an administrator account for themselves.”

The first series of commands triggered a denial-of-service bug in a daemon called accountsservice, which, as its name suggests, is used to manage user accounts on the computer. To do this, Backhouse created a symlink that linked a file named .pam_environment to /dev/zero, changed the regional language setting, and sent accountsservice a SIGSTOP. With the help of a few extra commands, Backhouse was able to set a timer that gave him just enough time to log out of the account before accountsservice crashed.

When done correctly, Ubuntu would restart and open a window that allowed the user to create a new account that—you guessed it—had root privileges. Here’s a video of Backhouse’s attack in action.

[Video: Ubuntu 20.04 local privilege escalation using vulnerabilities in gdm3 and accountsservice]

Backhouse said that Ubuntu uses a modified version of accountsservice that contains code that’s not included in the upstream version. The extra code looks for the .pam_environment file in the user's home directory. By making that file a symlink to /dev/zero, the code reading .pam_environment gets stuck in an infinite loop.
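As an added illustration (not code from Ubuntu, accountsservice or Backhouse's write-up), here is how a daemon can read a file it does not own without letting the file's owner stall it: open with O_NOFOLLOW so a symlink is refused, fstat the open descriptor and require a regular file, and cap the number of bytes read. The .pam_environment file name comes from the article; the 64 KiB cap, the function names and the scratch-directory fixtures are assumptions made for the example.

```python
import errno
import os
import stat
import tempfile

# Assumed cap; the page does not give accountsservice's real limit, so 64 KiB is a placeholder.
MAX_BYTES = 64 * 1024


class UnsafeFileError(Exception):
    """A user-controlled file failed a check; `reason` names which one."""

    def __init__(self, reason, path):
        super().__init__("%s: %s" % (reason, path))
        self.reason = reason


def read_bounded_regular_file(path, max_bytes=MAX_BYTES):
    """Read a file the daemon does not own without letting its owner stall the daemon.

    O_NOFOLLOW makes the kernel refuse (ELOOP) a symlink at the final path component,
    so the read cannot be redirected to /dev/zero; fstat on the open descriptor (not a
    stat on the path, which would race) must report a regular file; and the read is
    bounded by bytes actually consumed, not just st_size, so nothing can loop forever.
    """
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    except OSError as exc:
        if exc.errno == errno.ELOOP:
            raise UnsafeFileError("symlink", path) from exc
        raise
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeFileError("not_regular", path)  # devices, FIFOs, directories
        if st.st_size > max_bytes:
            raise UnsafeFileError("too_large", path)
        chunks, total = [], 0
        while total <= max_bytes:
            # Request at most one byte past the cap: if it arrives, the cap is blown.
            chunk = os.read(fd, min(65536, max_bytes + 1 - total))
            if not chunk:
                break
            chunks.append(chunk)
            total += len(chunk)
        if total > max_bytes:
            raise UnsafeFileError("too_large", path)
        return b"".join(chunks)
    finally:
        os.close(fd)


def audit_pam_environment(home_dir, max_bytes=MAX_BYTES):
    """Classify ~/.pam_environment as "absent", "ok", "symlink", "not_regular" or "too_large"."""
    path = os.path.join(home_dir, ".pam_environment")
    try:
        read_bounded_regular_file(path, max_bytes)
    except FileNotFoundError:
        return "absent"
    except UnsafeFileError as exc:
        return exc.reason
    return "ok"


def audit_fixtures():
    """Build constructed home directories in a scratch tree and audit each one."""
    verdicts = {}
    with tempfile.TemporaryDirectory() as scratch:
        def new_home(name):
            path = os.path.join(scratch, name)
            os.mkdir(path)
            return path

        home = new_home("regular")  # ordinary case: a small regular file
        with open(os.path.join(home, ".pam_environment"), "wb") as f:
            f.write(b"LANG DEFAULT=en_US.UTF-8\n")
        verdicts["regular"] = audit_pam_environment(home)
        verdicts["absent"] = audit_pam_environment(new_home("absent"))

        # The shape from the write-up: a symlink where the file should be. The target
        # is a harmless regular file so the fixture runs anywhere; O_NOFOLLOW refuses
        # the link at open time regardless of where it points.
        home = new_home("symlink")
        target = os.path.join(home, "target.txt")
        with open(target, "wb") as f:
            f.write(b"LANG DEFAULT=C\n")
        os.symlink(target, os.path.join(home, ".pam_environment"))
        verdicts["symlink"] = audit_pam_environment(home)

        home = new_home("not_regular")  # any non-regular inode; a directory is portable
        os.mkdir(os.path.join(home, ".pam_environment"))
        verdicts["not_regular"] = audit_pam_environment(home)

        home = new_home("too_large")  # regular file past a deliberately tiny cap
        with open(os.path.join(home, ".pam_environment"), "wb") as f:
            f.write(b"X" * 200)
        verdicts["too_large"] = audit_pam_environment(home, max_bytes=100)
    return verdicts
```

Note that O_NOFOLLOW only covers the last path component and that st_size is advisory (a character device reports 0), which is why the fstat type check and the byte-counted read loop both stay in place; `audit_fixtures()` returns one verdict per constructed case so the behaviour can be checked without touching a real home directory.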

The second bug involved in the hack resided in the GNOME display manager, which among other things manages user sessions and the login screen. The display manager, which is often abbreviated as gdm3, also triggers the initial setup of the OS when it detects no users currently exist.


“How does gdm3 check how many users there are on the system?” Backhouse asked rhetorically. “You probably already guessed it: by asking accounts-daemon! So what happens if accounts-daemon is unresponsive? The relevant code is here.”
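An added example, not gdm3's code, of making that same decision ("are there zero users?") fail closed. The callable standing in for the D-Bus query, the timeout value and the function names are assumptions; the point is that a hung or erroring dependency maps to "do not run first-boot setup", never to "no users exist".

```python
import threading


class DependencyUnavailable(Exception):
    """The accounts service did not give a usable answer in time."""


def count_users_with_timeout(query, timeout_s):
    """Ask for the user count via `query` (assumed stand-in for the D-Bus call), but
    give up after timeout_s seconds instead of blocking the login screen indefinitely."""
    outcome = {}

    def worker():
        try:
            outcome["value"] = query()
        except Exception as exc:  # any transport or service error
            outcome["error"] = exc

    thread = threading.Thread(target=worker, daemon=True)
    thread.start()
    thread.join(timeout_s)
    if thread.is_alive():
        # The service is stopped or hung; silence means "unknown", never "zero".
        raise DependencyUnavailable("no answer within %.1fs" % timeout_s)
    if "error" in outcome:
        raise DependencyUnavailable("query failed") from outcome["error"]
    return outcome["value"]


def should_run_initial_setup(query, timeout_s=5.0):
    """Fail closed: first-boot setup (which creates an administrator account) runs
    only when the service positively reports that no users exist."""
    try:
        return count_users_with_timeout(query, timeout_s) == 0
    except DependencyUnavailable:
        return False


def decision_fixtures():
    """Exercise the decision against constructed stand-ins for the accounts service."""
    never = threading.Event()  # never set: simulates a stopped or hung daemon

    def hung_query():
        never.wait()

    def failing_query():
        raise RuntimeError("constructed transport error")

    return {
        "fresh_install": should_run_initial_setup(lambda: 0, timeout_s=0.2),
        "existing_users": should_run_initial_setup(lambda: 3, timeout_s=0.2),
        "daemon_hung": should_run_initial_setup(hung_query, timeout_s=0.2),
        "daemon_error": should_run_initial_setup(failing_query, timeout_s=0.2),
    }


if __name__ == "__main__":
    for case, decision in decision_fixtures().items():
        print("%-15s run initial setup: %s" % (case, decision))
```

Only the `fresh_install` case returns True; the hung and erroring stand-ins fall through to False, which is the behaviour a privileged first-boot path needs when the service it depends on cannot be reached.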

The vulnerabilities could be triggered only when someone had physical access to, and a valid account on, a vulnerable machine. It worked only on desktop versions of Ubuntu. Maintainers of the open source OS patched the bugs last week. Backhouse, who said he found the vulnerabilities by accident, has many more technical details in the above-linked blog post.
