Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Ubuntu 6190-2 Critical Advisory: AccountsService DoS Risk and Mitigation

ubuntu
Calendar Grey September 25, 2023
Dist Ubuntu Esm H88
The vulnerability present in the AccountsService could enable local attackers to compromise services or run unrestricted code on Ubuntu machines.
AccountsService could be made to crash or run programs if it received specially crafted messages.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro) Summary: AccountsService could be made to crash or run programs if it received specially crafted messages. Software Description: - accountsservice: query and manipulate user account information Details: USN-6190-1 fixed a vulnerability in AccountsService. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Kevin Backhouse discovered that AccountsService incorrectly handled certain D-Bus messages. A local attacker could use this issue to cause AccountsService to crash, resulting in a denial of service, or possibly execute arbitrary code.

Topics%20covered

Topics Covered

security advisory denial of service critical remote execution ubuntu service crash accountsservice

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS (Available with Ubuntu Pro): accountsservice 0.6.45-1ubuntu1.3+esm1 libaccountsservice0 0.6.45-1ubuntu1.3+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): accountsservice 0.6.40-2ubuntu11.6+esm1 libaccountsservice0 0.6.40-2ubuntu11.6+esm1 Ubuntu 14.04 LTS (Available with Ubuntu Pro): accountsservice 0.6.35-0ubuntu7.3+esm3 libaccountsservice0 0.6.35-0ubuntu7.3+esm3 After a standard system update you need to reboot your computer to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6190-2

https://ubuntu.com/security/notices/USN-6190-1

CVE-2023-3297

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6190-2

Topics%20covered

Topics Covered

security advisory denial of service critical remote execution ubuntu service crash accountsservice

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here