How Attackers Can Gain Root Access On Ubuntu System

It is now very possible for hackers to gain root access to Ubuntu systems by exploiting a double-free memory corruption bug in GNOME’s AccountsService component.

The bug, which was tracked as CVE-2021-3939, was discovered accidentally by security researcher Kevin Backhouse, who stated that the bug only affects Ubuntu’s fork of AccountsService. Affected versions include Ubuntu 21.10, Ubuntu 21.04, and Ubuntu 20.04 LTS.

Backhouse explained that “It relies on chance and the fact that I can keep crashing accountsservice until it’s successful. But would an attacker care? It gets you a root shell, even if you have to wait a few hours. To me, it feels like magic that it’s even possible to exploit such a small bug, especially considering all the mitigations that have been added to make memory corruption vulnerabilities harder to exploit. Sometimes, all it takes to get root is a little wishful thinking!”

It should be noted that this privilege escalation bug was fixed in November with the release of AccountsService versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, and 0.6.55-0ubuntu14.1.

To mitigate the flaw, users must apply the updates and, after applying the updates, restart the computer to apply the changes.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web