CVE-2020-16126
accountsservice drops ruid, allows unprivileged users to send it signals
Severity Score
Exploit Likelihood
Affected Versions
1Public Exploits
2Exploited in Wild
-Decision
Descriptions
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.
Una modificación específica de Ubuntu para AccountsService en versiones anteriores a 0.6.55-0ubuntu13.2, entre otras versiones anteriores, eliminó incorrectamente el ruid, lo que permitió a usuarios que no eran de confianza enviar señales a AccountService, impidiendo así que manejara los mensajes D-Bus de manera oportuna
Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. Kevin Backhouse discovered that AccountsService incorrectly handled reading .pam_environment files. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-07-29 CVE Reserved
- 2020-11-03 CVE Published
- 2020-11-17 First Exploit
- 2024-09-16 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|