2 matches found
CVE-2011-1842
CVE-2011-1842 affects the language-selector D-Bus backend (dbus_backend/lsd.py) where SetSystemDefaultLangEnv and SetSystemDefaultLanguageEnv do not validate shell-containing arguments, enabling local privilege escalation. The issue is tied to the same underlying flaw as CVE-2011-0729 (policykit ...
CVE-2011-1842
dbusbackend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the 1 SetSystemDefaultLangEnv and 2 SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different...