CVE-2011-4406
Published: 20 December 2011
The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.
Notes
Author | Note |
---|---|
jdstrand | per Robert, "I believe this is a custom Ubuntu change in accountsservice." |
Priority
Status
Package | Release | Status |
---|---|---|
accountsservice Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
hardy |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Not vulnerable
(0.6.1-1)
|
|
oneiric |
Released
(0.6.14-1git1ubuntu1.1)
|