Main Vulnerability Database Exploits ID:4835 - Exploit for Infinite loop in accountsservice (Ubuntu package) - CVE-2020-16127

ID:4835 - Exploit for Infinite loop in accountsservice (Ubuntu package) - CVE-2020-16127

Published: November 12, 2020

Vulnerability identifier: #VU48379

Vulnerability risk: Low

CVE-ID: CVE-2020-16127

CWE-ID: CWE-835

Exploitation vector: Local access

Vulnerable software:
accountsservice (Ubuntu package)

Link to public exploit:

https://github.com/zev3n/Ubuntu-Gnome-privilege-escalation

Vulnerability description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the "is_in_pam_environment" function. A local user can trigger an infinite loop by creating a symlink to "/dev/zero" and cause denial of service conditions.

Remediation

Install updates from vendor's website.

ID:4835 - Exploit for Infinite loop in accountsservice (Ubuntu package) - CVE-2020-16127

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human