Now-patched Ubuntu desktop vulnerability allows privilege escalation

GitHub security researcher Kevin Backhouse found bugs in Ubuntu 20.04 (a long-term support release) which enabled any desktop user to get root access. The vulnerabilities have now been patched. Backhouse discovered two separate issues, one by accident, which together enable the privilege escalation. He noted that the …

  1. This post has been deleted by its author

    1. Dom 3

      Re: GUI on a server?

      Webmin.

    2. Anonymous Coward

      Re: GUI on a server?

      It's not arcane dude. I find it a lot harder to navigate around ever changing UIs than I do a command line. Also with a GUI, you're never quite sure if you're seeing the full picture as it were. You only see what the UI designer wants you to see because "Muh UX".

      1. MacroRodent Silver badge

        Re: GUI on a server?

        Most importantly, it is straightforward to document how an operation is done with text commands: Just show the commands to use. Looking up the commands from the command history, you get a record of what you did, in case you get a "oops, what the h* did I just do" moment.

        By contrast, with GUIs the explanation is pages of screenshots interspersed with text like "go to the file menu, pick load, select the secret file, then ..." - I always scream internally when forced to write explanations of that sort to document an operation, or read them.

    3. Doctor Syntax Silver badge

      Re: GUI on a server?

      Using a Server must be an Arcane art of text commands secure like it was the seventies.

      FTFY

    4. Anonymous Coward

      Re: GUI on a server?

      Hmm. Written by an IIS user?

      1. Anonymous Coward

        Re: GUI on a server?

        Smells like one.

        I'm sensing an IIS, TortoiseSVN, FileZilla, Beyond Compare, Notepad++, Remote Desktop sort of user.

  2. Cynic_999 Silver badge

    I should think that in most (or at least many) cases, the only people who have physical access to a company's server desktop GUI would be those with legitimate admin logins. For Ubuntu workstations, as it can only be exploited by people with user logins and physical access to the screen & keyboard (or maybe a GUI remote access session such as "TeamViewer"?), it is perhaps not as serious as it may appear at first read.

    Very good catch!

  3. amanfromMars 1 Silver badge

    No Shit, Sherlock, but ....... beware the woods where there be all manner of TEDdy Bears

    Although Backhouse said that this exploit is particularly easy to execute, he added that he does not want “to give you impression that Ubuntu is full of trivial security bugs; that’s not been my impression so far.”

    Systems don't need to be full of security bugs, trivial or otherwise, whenever just a few untouchable, invisible and/or unknown ones can be exploited and executed particularly easily.

    But such has been warned about long before now .........

    Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns — the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones. .... Donald Rumsfeld

  4. Pascal Monett Silver badge

    Once again, it's a local access issue

    If the miscreant has local access, it's already game over.

    It's a vulnerability, for sure, but I won't be losing any sleep over that one.

    1. Cem Ayin

      Re: Once again, it's a local access issue

      "If the miscreant has local access, it's already game over."

      Well, unless both bootloader and firmware (including access to Intel's so-called "Management Engine" interface) have been properly locked down and the case has been secured with a padlock, of course.

      There's not normally a need for that in the server room (but then, servers should - except in a few and far between special cases - not run a GUI in the first place). However, if the Ubuntu box in question happens to be serving users in a public IT lab - a scenario quite common on university campuses - this bug is indeed an issue.

  5. oresme

    Only as far back as the 70s?

    People used the command line well before that. Folks these days have short memories.

    1. ITS Retired

      Re: Only as far back as the 70s?

      Maybe because they were born after 1970?

    2. sgb

      Re: Only as far back as the 70s?

      Nonsense. Time started on 01-01-1970.

  6. Anonymous Coward

    Ubunt-who?

    Who’s Ubuntu?

    Windows and macOS rule the desktop.

    If you need a desktop for Linux then select an industrial strength distro.

    1. cbars

      Re: Ubunt-who?

      For example? Ubuntu is a big deal as far as Linux distros go

      Also, secondary follow up: what is the metric we should use to gauge "industrial strength"?

      Finally: what level of market share is required before we need to invest time finding bugs? If we only need to worry about the big boys, you mean that anything goes until you're, say, 20% of the market?

  7. mark l 2 Silver badge

    Is Mint or any other distro based on Ubuntu also vulnerable to this flaw?

    1. Anonymous Coward

      yes

      You should have received an update to AccountsService and others this month.

  8. Anonymous Coward

    I think I see the problem here...

    "This comes from the freedesktop project"

    1. Steve Graham

      Re: I think I see the problem here...

      I'm with you on this. The footprints of freedesktop.org are all over the average Linux distro, and provide little useful functionality for much-expanded attack surface.

      And as for the Gnome system watching to see if the Account service is running and then deciding you need a new privileged user, it's not the first approach I'd have thought of. Is there a password file? When was it modified? Does it have a root account enabled? And so on.
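
      The checks Steve Graham lists above (is there a password file, is root enabled, is anyone already privileged), written out as an added example. This is not code from the thread, from GNOME or from accountsservice; it parses passwd(5), group(5) and shadow(5) text and decides whether a "new privileged user" is actually needed. The group names treated as administrative (sudo, admin, wheel) are the Debian/Ubuntu and Red Hat conventions and are an assumption, and the sample records at the bottom are constructed for this example, not taken from any real system.

```python
"""Decide whether a machine already has a usable privileged account.

Added example, not code from the original thread, GNOME or accountsservice.
ADMIN_GROUPS is an assumption (Debian/Ubuntu and Red Hat conventions); the
SAMPLE_* records are constructed for this example.
"""
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ADMIN_GROUPS = ("sudo", "admin", "wheel")          # assumption: distro conventions
NOLOGIN_SHELLS = ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false")


@dataclass
class PrivilegeReport:
    uid0_accounts: List[str] = field(default_factory=list)   # UID 0, login shell, not locked
    admin_members: Dict[str, List[str]] = field(default_factory=dict)
    root_locked: Optional[bool] = None                       # None when no shadow data given
    needs_admin_user: bool = True


def parse_passwd(text: str) -> Dict[str, dict]:
    """passwd(5): name:pw:uid:gid:gecos:home:shell, one record per line."""
    users = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) != 7 or not parts[0] or line.startswith("#"):
            continue                                 # skip blank and malformed records
        users[parts[0]] = {"uid": int(parts[2]), "gid": int(parts[3]), "shell": parts[6]}
    return users


def parse_group(text: str) -> Dict[str, dict]:
    """group(5): name:pw:gid:member,member,..."""
    groups = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) != 4 or not parts[0]:
            continue
        groups[parts[0]] = {"gid": int(parts[2]), "members": [m for m in parts[3].split(",") if m]}
    return groups


def parse_shadow(text: str) -> Dict[str, bool]:
    """shadow(5): name:hash:...  Returns {name: locked}. A hash beginning with
    '!' or '*' matches no password; an empty hash means no password is needed
    at all, so it counts as unlocked here."""
    locked = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or not parts[0]:
            continue
        locked[parts[0]] = parts[1].startswith(("!", "*"))
    return locked


def assess(passwd_text: str, group_text: str, shadow_text: Optional[str] = None) -> PrivilegeReport:
    users, groups = parse_passwd(passwd_text), parse_group(group_text)
    locked = parse_shadow(shadow_text) if shadow_text is not None else {}
    report = PrivilegeReport()
    # Any UID 0 account with a real shell and an unlocked password is usable root
    # (this also catches a second root-equivalent account such as "toor").
    for name, u in users.items():
        if u["uid"] == 0 and u["shell"] not in NOLOGIN_SHELLS and not locked.get(name, False):
            report.uid0_accounts.append(name)
    report.root_locked = locked.get("root") if shadow_text is not None else None
    # Administrative groups: explicit members plus users whose primary GID matches.
    for gname in ADMIN_GROUPS:
        g = groups.get(gname)
        if g is None:
            continue
        members = set(g["members"]) | {n for n, u in users.items() if u["gid"] == g["gid"]}
        if members:
            report.admin_members[gname] = sorted(members)
    report.needs_admin_user = not report.uid0_accounts and not report.admin_members
    return report


def assess_files(passwd="/etc/passwd", group="/etc/group", shadow="/etc/shadow") -> Optional[PrivilegeReport]:
    """Same checks against real files. None means there is no password file at
    all; shadow is consulted only when this process is allowed to read it."""
    if not os.path.exists(passwd):
        return None
    passwd_text = open(passwd).read()
    group_text = open(group).read() if os.path.exists(group) else ""
    shadow_text = open(shadow).read() if os.access(shadow, os.R_OK) else None
    return assess(passwd_text, group_text, shadow_text)


# Constructed sample: root locked (Ubuntu's default), a second UID 0 account
# "toor" with a live hash, alice in sudo, bob an ordinary user.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0::/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""
SAMPLE_GROUP = "root:x:0:\nsudo:x:27:alice\nwheel:x:10:\nusers:x:100:\n"
SAMPLE_SHADOW = """root:!:18900:0:99999:7:::
toor:$6$salt$hash:18900:0:99999:7:::
alice:$6$salt$hash:18900:0:99999:7:::
bob:$6$salt$hash:18900:0:99999:7:::
"""

if __name__ == "__main__":
    print(assess(SAMPLE_PASSWD, SAMPLE_GROUP, SAMPLE_SHADOW))
```

      On the sample data the report lists "toor" as a usable UID 0 account even though root itself is locked, and alice as a sudo member, so no new administrator is needed; a fresh image with only a locked root and an empty sudo group is the one case where the answer flips to "yes".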

  9. Anonymous Coward

    In before Jake

    I mean it's a Linux article...


Biting the hand that feeds IT © 1998–2021