Freedesktop Accountsservice : Security vulnerabilities, CVEs

Copy

CVE-2020-16127

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.

Max CVSS

5.5

EPSS Score

0.04%

Published

2020-11-11

Updated

2020-11-24

CVE-2020-16126

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.

Max CVSS

3.3

EPSS Score

0.04%

Published

2020-11-11

Updated

2020-11-24

CVE-2018-14036

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

Max CVSS

6.5

EPSS Score

0.18%

Published

2018-07-13

Updated

2018-09-06

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!