Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-4616-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.844694

Category: Ubuntu Local Security Checks

Title: Ubuntu: Security Advisory (USN-4616-1)

Summary: The remote host is missing an update for the 'accountsservice' package(s) announced via the USN-4616-1 advisory.

Description: Summary:
The remote host is missing an update for the 'accountsservice' package(s) announced via the USN-4616-1 advisory.

Vulnerability Insight:
Kevin Backhouse discovered that AccountsService incorrectly dropped
privileges. A local user could possibly use this issue to cause
AccountsService to crash or hang, resulting in a denial of service.
(CVE-2020-16126)

Kevin Backhouse discovered that AccountsService incorrectly handled reading
.pam_environment files. A local user could possibly use this issue to cause
AccountsService to crash or hang, resulting in a denial of service. This
issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-16127)

Matthias Gerstner discovered that AccountsService incorrectly handled
certain path checks. A local attacker could possibly use this issue to
read arbitrary files. This issue only affected Ubuntu 16.04 LTS and Ubuntu
18.04 LTS. (CVE-2018-14036)

Affected Software/OS:
'accountsservice' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 20.10.

Solution:
Please install the updated package(s).

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-14036
BugTraq ID: 104757
http://www.securityfocus.com/bid/104757
http://www.openwall.com/lists/oss-security/2018/07/02/2
https://bugs.freedesktop.org/show_bug.cgi?id=107085
https://bugzilla.suse.com/show_bug.cgi?id=1099699
https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a
Common Vulnerability Exposure (CVE) ID: CVE-2020-16126
https://securitylab.github.com/advisories/GHSL-2020-187-accountsservice-drop-privs-DOS
Common Vulnerability Exposure (CVE) ID: CVE-2020-16127

Copyright Copyright (C) 2020 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.844694
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4616-1)
Summary:	The remote host is missing an update for the 'accountsservice' package(s) announced via the USN-4616-1 advisory.
Description:	Summary: The remote host is missing an update for the 'accountsservice' package(s) announced via the USN-4616-1 advisory. Vulnerability Insight: Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. (CVE-2020-16126) Kevin Backhouse discovered that AccountsService incorrectly handled reading .pam_environment files. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-16127) Matthias Gerstner discovered that AccountsService incorrectly handled certain path checks. A local attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14036) Affected Software/OS: 'accountsservice' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 20.10. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-14036 BugTraq ID: 104757 http://www.securityfocus.com/bid/104757 http://www.openwall.com/lists/oss-security/2018/07/02/2 https://bugs.freedesktop.org/show_bug.cgi?id=107085 https://bugzilla.suse.com/show_bug.cgi?id=1099699 https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a Common Vulnerability Exposure (CVE) ID: CVE-2020-16126 https://securitylab.github.com/advisories/GHSL-2020-187-accountsservice-drop-privs-DOS Common Vulnerability Exposure (CVE) ID: CVE-2020-16127
Copyright	Copyright (C) 2020 Greenbone AG