Ubuntu AccountsService Privilege Dropping Vulnerability Allowing Denial-of-Service

Vulnerability

A vulnerability has been identified in the AccountsService package on Ubuntu: the application manages user privileges incorrectly. The flaw can cause the .pam_environment file to be created with root ownership instead of being owned by the current user. A local user could exploit this to make AccountsService crash or become unresponsive, disrupting normal service operation.

Impact

Exploitation of this vulnerability can cause AccountsService to crash or stop responding, leading to a denial-of-service condition.

Remediation

Users can address this vulnerability by updating AccountsService to version 22.07.5-2ubuntu1.3. After updating, a system reboot is required to apply the changes.
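
The check below is an added example, not part of the advisory or of the AccountsService project. It flags any .pam_environment whose owner differs from the owner of its home directory (a generalization that includes the root-owned case described above) and compares the installed package with the fixed version. The function names, the /home layout and the home-directory ownership rule are assumptions.

```sh
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.
FIXED_VERSION="22.07.5-2ubuntu1.3"   # fixed version given under Remediation

# Print the numeric owner UID of a path (-d: do not descend, -n: numeric ids).
owner_uid() {
    ls -nd -- "$1" 2>/dev/null | awk '{print $3}'
}

# Return 0 if <home>/.pam_environment exists and its owner is not the expected
# UID. The expected UID defaults to the owner of the home directory (assumption:
# a home directory is owned by its user).
pam_env_misowned() {
    f="$1/.pam_environment"
    [ -e "$f" ] || [ -L "$f" ] || return 1
    expected=${2:-$(owner_uid "$1")}
    actual=$(owner_uid "$f")
    [ -n "$actual" ] && [ "$actual" != "$expected" ]
}

# Print one line per home directory under <base> with a misowned file.
scan_homes() {
    base=${1:-/home}
    for h in "$base"/*/; do
        [ -d "$h" ] || continue
        h=${h%/}
        if pam_env_misowned "$h"; then
            echo "$h/.pam_environment uid=$(owner_uid "$h/.pam_environment") home_uid=$(owner_uid "$h")"
        fi
    done
    return 0
}

# Return 0 if accountsservice is at or above FIXED_VERSION, 1 if older,
# 2 if the version cannot be read (no dpkg, or package not installed).
# Only meaningful on the Ubuntu release that this fixed version belongs to.
accountsservice_fixed() {
    command -v dpkg-query >/dev/null 2>&1 || return 2
    v=$(dpkg-query -W -f='${Version}' accountsservice 2>/dev/null) || return 2
    [ -n "$v" ] || return 2
    dpkg --compare-versions "$v" ge "$FIXED_VERSION"
}
```

Source the file and run `scan_homes /home` with enough privilege to read every home directory, then `accountsservice_fixed` to confirm the package level.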

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 4.6
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.