### [CVE-2020-16126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16126)
![](https://img.shields.io/static/v1?label=Product&message=accountsservice&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0.6.35-0ubuntu7.3%3C%200.6.35-0ubuntu7.3%2Besm2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)

### Description

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountsService, thus stopping it from handling D-Bus messages in a timely fashion.

### POC

#### Reference
- https://securitylab.github.com/advisories/GHSL-2020-187-accountsservice-drop-privs-DOS

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/soosmile/POC
- https://github.com/zev3n/Ubuntu-Gnome-privilege-escalation