CVE-2020-16126 is a vulnerability in FreeDesktop Accountsservice
Published on November 11, 2020
accountsservice drops ruid, allows unprivileged users to send it signals
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.
Vulnerability Analysis
CVE-2020-16126 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2020-16126
Want to know whenever a new CVE is published for FreeDesktop Accountsservice? stack.watch will email you.
Affected Versions
Freedesktop accountsservice:- Version 0.6.35-0ubuntu7.3 and below 0.6.35-0ubuntu7.3+esm2 is affected.
- Version 0.6.40-2ubuntu11 and below 0.6.40-2ubuntu11.6 is affected.
- Version 0.6.45-1ubuntu1 and below 0.6.45-1ubuntu1.3 is affected.
- Version 0.6.55-0ubuntu and below 0.6.55-0ubuntu12~20.04.4 is affected.
- Version 0.6.55-0ubuntu13 and below 0.6.55-0ubuntu13.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.