Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2011-4406

Published: 20 December 2011

The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.

Notes

Author	Note
jdstrand	per Robert, "I believe this is a custom Ubuntu change in accountsservice."

Priority

Status

Package	Release	Status
accountsservice Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Not vulnerable (0.6.1-1)
	oneiric	Released (0.6.14-1git1ubuntu1.1)
	upstream	Needs triage

References

Bugs

https://launchpad.net/bugs/904395

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading