Lucene search
HistoryMay 03, 2011 - 12:55 a.m.
CVE-2011-1842
cve-2011-1842
d-bus backend
language-selector
local privilege escalation
security vulnerability
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729.
Affected configurations
Node
ubuntulanguage-selectorRange≤0.6.6
ORubuntulanguage-selectorMatch0.0\+baz20050531
ORubuntulanguage-selectorMatch0.0\+baz20050609
ORubuntulanguage-selectorMatch0.0\+baz20050614
ORubuntulanguage-selectorMatch0.0\+baz20050808
ORubuntulanguage-selectorMatch0.0\+baz20050811
ORubuntulanguage-selectorMatch0.0\+baz20050819
ORubuntulanguage-selectorMatch0.0\+baz20050819.2
ORubuntulanguage-selectorMatch0.0\+baz20050822
ORubuntulanguage-selectorMatch0.0\+baz20050823
ORubuntulanguage-selectorMatch0.0\+baz20050824
ORubuntulanguage-selectorMatch0.0\+baz20050912
ORubuntulanguage-selectorMatch0.0\+baz20050926
ORubuntulanguage-selectorMatch0.0\+baz20050927
ORubuntulanguage-selectorMatch0.1
ORubuntulanguage-selectorMatch0.1.1
ORubuntulanguage-selectorMatch0.1.2
ORubuntulanguage-selectorMatch0.1.3
ORubuntulanguage-selectorMatch0.1.4
ORubuntulanguage-selectorMatch0.1.5
ORubuntulanguage-selectorMatch0.1.6
ORubuntulanguage-selectorMatch0.1.7
ORubuntulanguage-selectorMatch0.1.8
ORubuntulanguage-selectorMatch0.1.9
ORubuntulanguage-selectorMatch0.1.10
ORubuntulanguage-selectorMatch0.1.11
ORubuntulanguage-selectorMatch0.1.12
ORubuntulanguage-selectorMatch0.1.13
ORubuntulanguage-selectorMatch0.1.14
ORubuntulanguage-selectorMatch0.1.15
ORubuntulanguage-selectorMatch0.1.16
ORubuntulanguage-selectorMatch0.1.17
ORubuntulanguage-selectorMatch0.1.18
ORubuntulanguage-selectorMatch0.1.19
ORubuntulanguage-selectorMatch0.1.20
ORubuntulanguage-selectorMatch0.1.21
ORubuntulanguage-selectorMatch0.1.22
ORubuntulanguage-selectorMatch0.1.23
ORubuntulanguage-selectorMatch0.1.24
ORubuntulanguage-selectorMatch0.1.25
ORubuntulanguage-selectorMatch0.1.26
ORubuntulanguage-selectorMatch0.1.27
ORubuntulanguage-selectorMatch0.1.28
ORubuntulanguage-selectorMatch0.1.29
ORubuntulanguage-selectorMatch0.1.30
ORubuntulanguage-selectorMatch0.2.0
ORubuntulanguage-selectorMatch0.2.1
ORubuntulanguage-selectorMatch0.2.2
ORubuntulanguage-selectorMatch0.2.3
ORubuntulanguage-selectorMatch0.2.4
ORubuntulanguage-selectorMatch0.2.5
ORubuntulanguage-selectorMatch0.2.6
ORubuntulanguage-selectorMatch0.2.7
ORubuntulanguage-selectorMatch0.2.8
ORubuntulanguage-selectorMatch0.2.9
ORubuntulanguage-selectorMatch0.2.10
ORubuntulanguage-selectorMatch0.3.0
ORubuntulanguage-selectorMatch0.3.1
ORubuntulanguage-selectorMatch0.3.2
ORubuntulanguage-selectorMatch0.3.3
ORubuntulanguage-selectorMatch0.3.4
ORubuntulanguage-selectorMatch0.3.5
ORubuntulanguage-selectorMatch0.3.6
ORubuntulanguage-selectorMatch0.3.7
ORubuntulanguage-selectorMatch0.3.8
ORubuntulanguage-selectorMatch0.3.9
ORubuntulanguage-selectorMatch0.3.10
ORubuntulanguage-selectorMatch0.3.11
ORubuntulanguage-selectorMatch0.3.12
ORubuntulanguage-selectorMatch0.3.13
ORubuntulanguage-selectorMatch0.3.14
ORubuntulanguage-selectorMatch0.3.15
ORubuntulanguage-selectorMatch0.3.16
ORubuntulanguage-selectorMatch0.3.17
ORubuntulanguage-selectorMatch0.3.20
ORubuntulanguage-selectorMatch0.3.21
ORubuntulanguage-selectorMatch0.4.0
ORubuntulanguage-selectorMatch0.4.1
ORubuntulanguage-selectorMatch0.4.2
ORubuntulanguage-selectorMatch0.4.2.1
ORubuntulanguage-selectorMatch0.4.2.2
ORubuntulanguage-selectorMatch0.4.2.3
ORubuntulanguage-selectorMatch0.4.3
ORubuntulanguage-selectorMatch0.4.4
ORubuntulanguage-selectorMatch0.4.5
ORubuntulanguage-selectorMatch0.4.6
ORubuntulanguage-selectorMatch0.4.7
ORubuntulanguage-selectorMatch0.4.8
ORubuntulanguage-selectorMatch0.4.9
ORubuntulanguage-selectorMatch0.4.10
ORubuntulanguage-selectorMatch0.4.11
ORubuntulanguage-selectorMatch0.4.12
ORubuntulanguage-selectorMatch0.4.13
ORubuntulanguage-selectorMatch0.4.14
ORubuntulanguage-selectorMatch0.4.15
ORubuntulanguage-selectorMatch0.4.16
ORubuntulanguage-selectorMatch0.4.17
ORubuntulanguage-selectorMatch0.4.18
ORubuntulanguage-selectorMatch0.4.19
ORubuntulanguage-selectorMatch0.5.0
ORubuntulanguage-selectorMatch0.5.1
ORubuntulanguage-selectorMatch0.5.2
ORubuntulanguage-selectorMatch0.5.3
ORubuntulanguage-selectorMatch0.5.4
ORubuntulanguage-selectorMatch0.5.5
ORubuntulanguage-selectorMatch0.5.6
ORubuntulanguage-selectorMatch0.5.7
ORubuntulanguage-selectorMatch0.6.0
ORubuntulanguage-selectorMatch0.6.1
ORubuntulanguage-selectorMatch0.6.2
ORubuntulanguage-selectorMatch0.6.3
ORubuntulanguage-selectorMatch0.6.4
ORubuntulanguage-selectorMatch0.6.5
References
secunia.com/advisories/44214
www.securityfocus.com/bid/47502
www.ubuntu.com/usn/USN-1115-1/
www.ubuntuupdates.org/packages/show/307975
www.vupen.com/english/advisories/2011/1032
exchange.xforce.ibmcloud.com/vulnerabilities/67255
launchpad.net/bugs/764397
launchpad.net/ubuntu/+source/language-selector/0.6.7
Related
nessus
nessus
Ubuntu 10.10 : language-selector vulnerability (USN-1115-1)
2011-06-13 00:00:00
cvelist
cvelist
CVE-2011-1842
2011-05-03 00:03:00
CVE-2011-0729
2022-10-03 16:15:20
ubuntucve
ubuntucve
CVE-2011-1842
2011-04-19 00:00:00
CVE-2011-0729
2011-04-19 00:00:00
prion
prion
Design/Logic Flaw
2011-05-03 00:55:00
Design/Logic Flaw
2011-04-29 22:55:00
nvd
nvd
CVE-2011-1842
2011-05-03 00:55:01
CVE-2011-0729
2011-04-29 22:55:00
openvas
openvas
Ubuntu: Security Advisory (USN-1115-1)
2011-05-10 00:00:00
Ubuntu Update for language-selector USN-1115-1
2011-05-10 00:00:00
ubuntu
ubuntu
language-selector vulnerability
2011-04-19 00:00:00
securityvulns
securityvulns
[USN-1115-1] language-selector vulnerability
2011-04-21 00:00:00
language-selector privilege escalation
2011-04-21 00:00:00
cve
cve
CVE-2011-0729
2022-10-03 16:15:20
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2011-1842