CVE-2021-3939 - OpenCVE

Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Accountsservice Ubuntu Linux

Configuration 1 [-]

OR	cpe:2.3:a:canonical:accountsservice::::::::
	cpe:2.3:a:canonical:accountsservice::::::::
	cpe:2.3:a:canonical:accountsservice::::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:21.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:21.10:::::::*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/172848/Ubuntu-accountsservice-Double-Free-Memory-Corruption.html
https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1950149
https://ubuntu.com/security/notices/USN-5149-1

History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2021-11-17T03:15:10.949510Z

Updated: 2024-09-16T18:02:58.362Z

Reserved: 2021-11-09T00:00:00

Link: CVE-2021-3939

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-11-17T04:15:06.977

Modified: 2023-06-12T07:16:02.547

Link: CVE-2021-3939

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-3939", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "dateUpdated": "2024-09-16T18:02:58.362Z", "dateReserved": "2021-11-09T00:00:00", "datePublished": "2021-11-17T03:15:10.949510Z"}, "containers": {"cna": {"title": "Free of static data in accountsservice", "datePublic": "2021-11-16T00:00:00", "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2023-06-12T00:00:00"}, "descriptions": [{"lang": "en", "value": "Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1."}], "affected": [{"vendor": "Ubuntu", "product": "accountsservice", "versions": [{"version": "0.6.55-0ubuntu12~20.04", "status": "affected", "lessThan": "0.6.55-0ubuntu12~20.04.5", "versionType": "custom"}, {"version": "0.6.55-0ubuntu13", "status": "affected", "lessThan": "0.6.55-0ubuntu13.3", "versionType": "custom"}, {"version": "0.6.55-0ubuntu14", "status": "affected", "lessThan": "0.6.55-0ubuntu14.1", "versionType": "custom"}]}], "references": [{"url": "https://ubuntu.com/security/notices/USN-5149-1"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1950149"}, {"url": "http://packetstormsecurity.com/files/172848/Ubuntu-accountsservice-Double-Free-Memory-Corruption.html"}], "credits": [{"lang": "en", "value": "Kevin Backhouse"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-590 Free of Memory not on the Heap", "cweId": "CWE-590"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "USN-5149-1", "defect": ["https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1950149"], "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:09:09.693Z"}, "title": "CVE Program Container", "references": [{"url": "https://ubuntu.com/security/notices/USN-5149-1", "tags": ["x_transferred"]}, {"url": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1950149", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/172848/Ubuntu-accountsservice-Double-Free-Memory-Corruption.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB08CB97-D747-4D11-9824-4AD73BAA28F6", "versionEndExcluding": "0.6.55-0ubuntu12\\~20.05", "versionStartIncluding": "0.6.55-0ubuntu12\\~20.04", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDFB086F-2F2C-48ED-B020-96FDA6D581EB", "versionEndExcluding": "0.6.55-0ubuntu13.3", "versionStartIncluding": "0.6.55-0ubuntu13", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1A2D965-5BF5-4B21-899A-1AD29AE1F669", "versionEndExcluding": "0.6.55-0ubuntu14.1", "versionStartIncluding": "0.6.55-0ubuntu14", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*", "matchCriteriaId": "8EF1C1CC-3FAE-4DE3-BC41-E5B14D5721F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*", "matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1."}, {"lang": "es", "value": "Unas modificaciones espec\u00edficas de Ubuntu a accountsservice (en el archivo de parche debian/patches/0010-set-language.patch) causaron la liberaci\u00f3n de la variable fallback_locale, que apunta al almacenamiento est\u00e1tico, en la funci\u00f3n user_change_language_authorized_cb. Esto es accesible por medio de la funci\u00f3n dbus SetLanguage. Esto es corregido en las versiones 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1"}], "id": "CVE-2021-3939", "lastModified": "2023-06-12T07:16:02.547", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2021-11-17T04:15:06.977", "references": [{"source": "security@ubuntu.com", "url": "http://packetstormsecurity.com/files/172848/Ubuntu-accountsservice-Double-Free-Memory-Corruption.html"}, {"source": "security@ubuntu.com", "tags": ["Broken Link"], "url": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1950149"}, {"source": "security@ubuntu.com", "tags": ["Vendor Advisory"], "url": "https://ubuntu.com/security/notices/USN-5149-1"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-763"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-590"}], "source": "security@ubuntu.com", "type": "Secondary"}]}