Jump to content

Ubuntu 20.04 could be hacked using this security flaw


Karlston

Recommended Posts

Ubuntu 20.04 could be hacked using this security flaw

security

(Image credit: Shutterstock / Magura)

 

security researcher claims to have accidentally discovered an "astonishingly straightforward way” to gain administrative powers on an Ubuntu 20.04 LTS installation.

 

 

The vulnerability was unearthed by GitHub’s Kevin Backhouse who’s been spending time to weed out security vulnerabilities in Ubuntu’s system services to make his favourite distro as secure as possible.

 

He admits that while he’s reported a few issues, most of them have been fairly trivial. That was until he unearthed this one. “It's unusual for a vulnerability on a modern operating system to be this easy to exploit,” writes Kevin. 

Trick for treat

Exploiting privilege escalation vulnerabilities is a fairly complicated process. However, Kevin discovered a mechanism to trick an Ubuntu installation to allow a standard user to create accounts with increased privileges.

 

Kevin has detailed the process in a blog and has also posted a video of the process, which is easy to replicate. Of course, as Kevin notes, an attacker would need physical access to the Ubuntu machine. The attack also exploits vulnerabilities in the Gnome Display Manager, which means it would only work on Ubuntu 20.04 desktop installations.

 

 

The vulnerability exploits two bugs in different components of an Ubuntu installation. One is a service that manages user accounts (accountsservice) and the other is the Gnome Display Manager (gdm3) that’s responsible for the login screen.

 

Ubuntu is not the only distro to use gdm3. However the vulnerability doesn’t affect others since Ubuntu uses a modified version of accountsservice. 

 

This also makes the vulnerability easy to fix, something which the Ubuntu developers have already done. If you are running Ubuntu 18.04, 20.04 or 20.10 you should immediately update the gdm3 package from the repositories.

 

 

Ubuntu 20.04 could be hacked using this security flaw

 

ThanksForReading200x49.jpg

Link to comment
Share on other sites


  • Replies 1
  • Views 691
  • Created
  • Last Reply

It also  effected Ubuntu 18.04  LTS and Ubuntu 20.10

it was patched Nov 3rd

https://launchpad.net/ubuntu/+source/gdm3/3.28.3-0ubuntu18.04.6

https://launchpad.net/ubuntu/+source/gdm3/3.38.1-2ubuntu1.1

https://launchpad.net/ubuntu/+source/gdm3/3.36.3-0ubuntu0.20.04.2

 

4EM8Atm.png

It looks like it effects  Ubuntu 12.04 and 14.04 ESM paid support already patched  and Ubuntu  16.04 LTS eol April 30, 2021 too  people may want to consider moving on from  it they still not even patched that version yet.

 

https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16125.html

 

Zd6BmMq.png

 

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...