fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Attackers Can Get Root by Crashing Ubuntu’s AccountsService

Attackers Can Get Root by Crashing Ubuntu’s AccountsService

A local privilege escalation security vulnerability could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME’s AccountsService component.

AccountsService is a D-Bus service that helps manipulate and query information attached to the user accounts available on a device.

The security flaw (a memory management bug tracked as CVE-2021-3939) was accidentally spotted by GitHub security researcher Kevin Backhouse while testing an exploit demo for another AccountsService bug that also made it possible to escalate privileges to root on vulnerable devices.

Also Read: 5 Brief Concepts Between Data Protection Directive vs GDPR

“AccountsService could be made to crash or run programs as an administrator if it received a specially crafted command,” an Ubuntu security advisory explains.

Backhouse found that AccountsService incorrectly handled memory during some language setting operations, a flaw that local attackers could abuse to escalate privileges.

The bug only affects Ubuntu’s fork of AccountsService. Versions impacted by this vulnerability include Ubuntu 21.10, Ubuntu 21.04, and Ubuntu 20.04 LTS.

This privilege escalation flaw was fixed by Canonical in November when AccountsService versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1 were released. After applying the updates, you will also need to restart the computer to apply the changes.

Not the fastest, but definitely reliable

As he explains, his CVE-2021-3939 proof of concept exploit is slow (could that several hours) and will not work every time. However, it doesn’t matter since it can be executed until successful, seeing that the double-free bug allows crashing AccountsService as many times as needed.

The only restriction to successfully exploiting this bug is that the AccountsService crashes are rate-limited by systemd, blocking attempts to restart it more than five times every 10 seconds.

Also Read: Top 10 Best Freelance Testing Websites That Will Pay You

“It relies on chance and the fact that I can keep crashing accountsservice until it’s successful. But would an attacker care? It gets you a root shell, even if you have to wait a few hours,” Backhouse said.

“To me, it feels like magic that it’s even possible to exploit such a small bug, especially considering all the mitigations that have been added to make memory corruption vulnerabilities harder to exploit. Sometimes, all it takes to get root is a little wishful thinking!”

Further details on how the vulnerability was found and the exploit developed are available in Backhouse’s CVE-2021-3939 writeup.

Earlier this year, the researcher found an authentication bypass vulnerability in the polkit Linux system service that enabled unprivileged attackers to get a root shell on most modern distros.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us