CVE-2020-16127 is a vulnerability in FreeDesktop Accountsservice
Published on November 11, 2020
accountsservice .pam_environment infinite loop
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.
Vulnerability Analysis
CVE-2020-16127 can be exploited with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2020-16127
Want to know whenever a new CVE is published for FreeDesktop Accountsservice? stack.watch will email you.
Affected Versions
Freedesktop accountsservice:- Version 0.6.35-0ubuntu7.3 and below 0.6.35-0ubuntu7.3+esm2 is affected.
- Version 0.6.40-2ubuntu11 and below 0.6.40-2ubuntu11.6 is affected.
- Version 0.6.45-1ubuntu1 and below 0.6.45-1ubuntu1.3 is affected.
- Version 0.6.55-0ubuntu and below 0.6.55-0ubuntu12~20.04.4 is affected.
- Version 0.6.55-0ubuntu13 and below 0.6.55-0ubuntu13.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.