Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2011-4406

Published: 20 December 2011

The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.

Notes

AuthorNote
jdstrand
per Robert, "I believe this is a custom Ubuntu change in
accountsservice."

Priority

High

Status

Package Release Status
accountsservice
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

maverick Does not exist

natty Not vulnerable
(0.6.1-1)
oneiric
Released (0.6.14-1git1ubuntu1.1)
upstream Needs triage