Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2011-4406

Published: 20 December 2011

The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.

Notes

Author	Note
jdstrand	per Robert, "I believe this is a custom Ubuntu change in accountsservice."

Priority

Status

Package	Release	Status
accountsservice Launchpad, Ubuntu, Debian	upstream	Needs triage
	hardy	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Not vulnerable (0.6.1-1)
	oneiric	Released (0.6.14-1git1ubuntu1.1)

References

Bugs

https://launchpad.net/bugs/904395

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading