10 matches found
CVE-2011-0729
dbusbackend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a 1 SetSystemDefaultLangEnv or 2...
EUVD-2011-0742
Malware in sbrugna...
Ubuntu 10.10 : language-selector vulnerability (USN-1115-1)
Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation. Note that Tenable Network...
Design/Logic Flaw
dbusbackend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the 1 SetSystemDefaultLangEnv and 2 SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different...
CVE-2011-1842
CVE-2011-1842 affects the language-selector D-Bus backend (dbus_backend/lsd.py) where SetSystemDefaultLangEnv and SetSystemDefaultLanguageEnv do not validate shell-containing arguments, enabling local privilege escalation. The issue is tied to the same underlying flaw as CVE-2011-0729 (policykit ...
Design/Logic Flaw
dbusbackend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a 1 SetSystemDefaultLangEnv or 2...
CVE-2011-0729
dbusbackend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a 1 SetSystemDefaultLangEnv or 2...
CVE-2011-0729
dbusbackend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a 1 SetSystemDefaultLangEnv or 2...
USN-1115-1: language-selector vulnerability
Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation...
CVE-2011-0729
dbusbackend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a 1 SetSystemDefaultLangEnv or 2...