GitHub security researcher Kevin Backhouse found bugs in Ubuntu 20.04 (a long-term support release) which enabled any desktop user to get root access. The vulnerabilities have now been patched.
Backhouse discovered two separate issues, one by accident, which together enable the privilege escalation. He noted that the vulnerability is a basic one. “It's unusual for a vulnerability on a modern operating system to be this easy to exploit. I have, on some occasions, written thousands of lines of code to exploit a vulnerability,” he said.
The first part is an attack which exploits AccountsService, a daemon which manages user accounts. This comes from the freedesktop project but is modified by Ubuntu’s developers to read a file in the user’s home directory.
Pointing this file to /dev/zero (a special location which re ..
Support the originator by clicking the read the rest link below.
