A security researcher claims to have accidentally discovered an “astonishingly straightforward way” to gain administrative powers on an Ubuntu 20.04 LTS installation.
The vulnerability was unearthed by GitHub’s Kevin Backhouse who’s been spending time to weed out security vulnerabilities in Ubuntu’s system services to make his favourite distro as secure as possible.
He admits that while he’s reported a few issues, most of them have been fairly trivial. That was until he unearthed this one. “It’s unusual for a vulnerability on a modern operating system to be this easy to exploit,” writes Kevin.
Trick for treat
Exploiting privilege escalation vulnerabilities is a fairly complicated process. However, Kevin discovered a mechanism to trick an Ubuntu installation to allow a standard user to create accounts with increased privileges.
Kevin has detailed the process in a blog and has also posted a video of the process, which is easy to replicate. Of course, as Kevin notes, an attacker would need physical access to the Ubuntu machine. The attack also exploits vulnerabilities in the Gnome Display Manager, which means it would only work on Ubuntu 20.04 desktop installations.
The vulnerability exploits two bugs in different components of an Ubuntu installation. One is a service that manages user accounts (accountsservice) and the other is the Gnome Display Manager (gdm3) that’s responsible for the login screen.
Ubuntu is not the only distro to use gdm3. However the vulnerability doesn’t affect others since Ubuntu uses a modified version of accountsservice.
This also makes the vulnerability easy to fix, something which the Ubuntu developers have already done. If you are running Ubuntu 18.04, 20.04 or 20.10 you should immediately update the gdm3 package from the repositories.