Lucene search

UbuntuUSN-4616-1

HistoryNov 03, 2020 - 12:00 a.m.

AccountsService vulnerabilities

2020-11-0300:00:00

ubuntu.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

55.3%

JSON

Releases

Ubuntu 20.10
Ubuntu 20.04 LTS
Ubuntu 18.04 ESM
Ubuntu 16.04 ESM

Packages

accountsservice - query and manipulate user account information

Details

Kevin Backhouse discovered that AccountsService incorrectly dropped
privileges. A local user could possibly use this issue to cause
AccountsService to crash or hang, resulting in a denial of service.
(CVE-2020-16126)

Kevin Backhouse discovered that AccountsService incorrectly handled reading
.pam_environment files. A local user could possibly use this issue to cause
AccountsService to crash or hang, resulting in a denial of service. This
issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-16127)

Matthias Gerstner discovered that AccountsService incorrectly handled
certain path checks. A local attacker could possibly use this issue to
read arbitrary files. This issue only affected Ubuntu 16.04 LTS and Ubuntu
18.04 LTS. (CVE-2018-14036)

OSVersionArchitecturePackageVersionFilename
Ubuntu20.10noarchaccountsservice< 0.6.55-0ubuntu13.2UNKNOWN
Ubuntu20.10noarchaccountsservice-dbgsym< 0.6.55-0ubuntu13.2UNKNOWN
Ubuntu20.10noarchgir1.2-accountsservice-1.0< 0.6.55-0ubuntu13.2UNKNOWN
Ubuntu20.10noarchlibaccountsservice-dev< 0.6.55-0ubuntu13.2UNKNOWN
Ubuntu20.10noarchlibaccountsservice0< 0.6.55-0ubuntu13.2UNKNOWN
Ubuntu20.10noarchlibaccountsservice0-dbgsym< 0.6.55-0ubuntu13.2UNKNOWN
Ubuntu20.04noarchaccountsservice< 0.6.55-0ubuntu12~20.04.4UNKNOWN
Ubuntu20.04noarchaccountsservice-dbgsym< 0.6.55-0ubuntu12~20.04.4UNKNOWN
Ubuntu20.04noarchgir1.2-accountsservice-1.0< 0.6.55-0ubuntu12~20.04.4UNKNOWN
Ubuntu20.04noarchlibaccountsservice-dev< 0.6.55-0ubuntu12~20.04.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	20.10	noarch	accountsservice	< 0.6.55-0ubuntu13.2	UNKNOWN
Ubuntu	20.10	noarch	accountsservice-dbgsym	< 0.6.55-0ubuntu13.2	UNKNOWN
Ubuntu	20.10	noarch	gir1.2-accountsservice-1.0	< 0.6.55-0ubuntu13.2	UNKNOWN
Ubuntu	20.10	noarch	libaccountsservice-dev	< 0.6.55-0ubuntu13.2	UNKNOWN
Ubuntu	20.10	noarch	libaccountsservice0	< 0.6.55-0ubuntu13.2	UNKNOWN
Ubuntu	20.10	noarch	libaccountsservice0-dbgsym	< 0.6.55-0ubuntu13.2	UNKNOWN
Ubuntu	20.04	noarch	accountsservice	< 0.6.55-0ubuntu12~20.04.4	UNKNOWN
Ubuntu	20.04	noarch	accountsservice-dbgsym	< 0.6.55-0ubuntu12~20.04.4	UNKNOWN
Ubuntu	20.04	noarch	gir1.2-accountsservice-1.0	< 0.6.55-0ubuntu12~20.04.4	UNKNOWN
Ubuntu	20.04	noarch	libaccountsservice-dev	< 0.6.55-0ubuntu12~20.04.4	UNKNOWN