Privilege escalation using vulnerabilities in gdm3 and accountsservice (GHSL-2020-187, GHSL-2020-188, GHSL-2020-202)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gdm3 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Hi,
I have found a couple of vulnerabilities in gdm3 and accountsservice which enable an unprivileged user to create a new account with administrator privileges. I have already reported the individual bugs to the respective packages, but I am creating this issue to bring it to the attention of the Ubuntu security team, since the bugs create quite a bad combination on Ubuntu. The individual bug reports are here:
https:/
https:/
The vulnerabilities are very easy to exploit, as you can see in this video:
https:/
The video is only visible to people who have the link. Please be careful who you share it with. Note: this is a newer video than the one that I attached to the bug reports mentioned above. I found some ways to simplify the exploitation steps.
Regards,
Kevin Backhouse
GitHub Security Lab
CVE References
information type: | Private Security → Public Security |
Thanks for reporting the GDM issue. Unfortunately, we are unable to access the private GNOME bug listed above. Are there any details about the GDM issue you could share?