34 matches found
Ubuntu 10.10 : language-selector vulnerability (USN-1115-1)
Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation. Note that Tenable Network...
Ubuntu Update for language-selector USN-1115-1
Ubuntu Update for Linux kernel vulnerabilities USN-1115-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11151.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for language-selector USN-1115-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...
Ubuntu: Security Advisory (USN-1115-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2011-1842
dbusbackend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the 1 SetSystemDefaultLangEnv and 2 SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different...
Design/Logic Flaw
dbusbackend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the 1 SetSystemDefaultLangEnv and 2 SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different...
CVE-2011-1842
dbusbackend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the 1 SetSystemDefaultLangEnv and 2 SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different...
CVE-2011-1842
CVE-2011-1842 affects the language-selector D-Bus backend (dbus_backend/lsd.py) where SetSystemDefaultLangEnv and SetSystemDefaultLanguageEnv do not validate shell-containing arguments, enabling local privilege escalation. The issue is tied to the same underlying flaw as CVE-2011-0729 (policykit ...
Design/Logic Flaw
dbusbackend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a 1 SetSystemDefaultLangEnv or 2...
CVE-2011-0729
dbusbackend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a 1 SetSystemDefaultLangEnv or 2...
CVE-2011-0729
dbusbackend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a 1 SetSystemDefaultLangEnv or 2...
CVE-2011-0729
CVE-2011-0729 affects the language-selector D-Bus backend (dbus_backend/ls-dbus-backend) in versions before 0.6.7. The component does not restrict access based on PolicyKit checks, allowing a local user to modify /etc/default/locale and /etc/environment via (1) SetSystemDefaultLangEnv or (2) SetS...
[USN-1115-1] language-selector vulnerability
========================================================================== Ubuntu Security Notice USN-1115-1 April 19, 2011 language-selector vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
USN-1115-1: language-selector vulnerability
Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation...
CVE-2011-1842
dbusbackend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the 1 SetSystemDefaultLangEnv and 2 SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different...