It is now very possible for hackers to gain root access to Ubuntu systems by exploiting a double-free memory corruption bug in GNOME’s AccountsService component.
The bug, which was tracked as CVE-2021-3939, was discovered accidentally by security researcher Kevin Backhouse, who stated that the bug only affects Ubuntu’s fork of AccountsService. Affected versions include Ubuntu 21.10, Ubuntu 21.04, and Ubuntu 20.04 LTS.
Backhouse explained that “It relies on chance and the fact that I can keep crashing accountsservice until it’s successful. But would an attacker care? It gets you a root shell, even if you have to wait a few hours. To me, it feels like magic that it’s even possible to exploit such a small bug, especially considering all the mitigations that have been added to make memory corruption vulnerabilities harder to exploit. Sometimes, all it takes to get root is a little wishful thinking!”
It should be noted that this privilege escalation bug was fixed in November with the release of AccountsService versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, and 0.6.55-0ubuntu14.1.
To mitigate the flaw, users must apply the updates and, after applying the updates, restart the computer to apply the changes.