CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
5.1%
USN-6190-1 fixed a vulnerability in AccountsService. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS.
Original advisory details:
Kevin Backhouse discovered that AccountsService incorrectly handled certain
D-Bus messages. A local attacker could use this issue to cause
AccountsService to crash, resulting in a denial of service, or possibly
execute arbitrary code.