CVE-2012-2737

Published: 28 June 2012

The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.

Priority

Status

Package	Release	Status
accountsservice Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	natty	Ignored (end of life)
	oneiric	Released (0.6.14-1git1ubuntu1.2)
	precise	Released (0.6.15-2ubuntu9.1)
	quantal	Released (0.6.15-2ubuntu10)
	upstream	Released (0.6.22)
	Patches: upstream: http://cgit.freedesktop.org/accountsservice/commit/?id=26213aa0e0d8dca5f36cc23f6942525224cbe9f5 upstream: http://cgit.freedesktop.org/accountsservice/commit/?id=bd51aa4cdac380f55d607f4ffdf2ab3c00d08721 upstream: http://cgit.freedesktop.org/accountsservice/commit/?id=4c5b12e363410e490e776e4b4a86dcce157a543d

References

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=832532

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›