Jump to content

Ubuntu fixes bugs that standard users could use to become root


securitybreach

Recommended Posts

securitybreach

Wow, that is a serious bug. Good thing that it got fixed.

 

Quote

Ubuntu developers have fixed a series of vulnerabilities that made it easy for standard users to gain coveted root privileges.

 

“This blog post is about an astonishingly straightforward way to escalate privileges on Ubuntu,” Kevin Backhouse, a researcher at GitHub, wrote in a post published on Tuesday. “With a few simple commands in the terminal, and a few mouse clicks, a standard user can create an administrator account for themselves.”

 

The first series of commands triggered a denial-of-service bug in a daemon called accountsservice, which as its name suggests is used to manage user accounts on the computer. To do this, Backhouse created a Symlink that linked a file named .pam_environment to /dev/zero, changed the regional language setting, and sent accountsservice a SIGSTOP. With the help of a few extra commands, Backhouse was able to set a timer that gave him just enough time to log out of the account before accountsservice crashed.


When done correctly, Ubuntu would restart and open a window that allowed the user to create a new account that—you guessed it—had root privileges. 

 

 

 

https://arstechnica.com/information-technology/2020/11/ubuntu-fixes-bugs-that-standard-users-could-use-to-become-root/

  • Agree 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...