CVE-2020-16126

Summary

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.

Affected Software

VendorProductVersion RangeStatus
Freedesktopaccountsservice0.6.35-0ubuntu7.3 < 0.6.35-0ubuntu7.3+esm2affected
Freedesktopaccountsservice0.6.40-2ubuntu11 < 0.6.40-2ubuntu11.6affected
Freedesktopaccountsservice0.6.45-1ubuntu1 < 0.6.45-1ubuntu1.3affected
Freedesktopaccountsservice0.6.55-0ubuntu < 0.6.55-0ubuntu12~20.04.4affected
Freedesktopaccountsservice0.6.55-0ubuntu13 < 0.6.55-0ubuntu13.2affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CVE Program Container

Additional References

References