Lucene search
UbuntuUSN-1289-1HistoryDec 07, 2011 - 12:00 a.m.
colord vulnerability
2011-12-0700:00:00
ubuntu.com
33
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.2%
Releases
- Ubuntu 11.10
Packages
- colord - Service to manage device colour profiles
Details
It was discovered that colord incorrectly handled certain SQL queries. A
local attacker could exploit this to modify arbitrary sqlite databases. On
Ubuntu, colord runs as its own user by default, so standard file
permissions would limit which databases could be altered.
References
Related
openvas
openvas
Fedora Update for colord FEDORA-2011-16453
2012-04-02 00:00:00
Fedora Update for colord FEDORA-2011-16451
2011-12-05 00:00:00
Ubuntu: Security Advisory (USN-1289-1)
2012-03-16 00:00:00
ubuntucve
ubuntucve
CVE-2011-4349
2011-11-25 00:00:00
cve
cve
CVE-2011-4349
2022-10-03 16:15:14
nessus
nessus
Fedora 15 : colord-0.1.15-1.fc15 (2011-16451)
2011-12-05 00:00:00
Ubuntu 11.10 : colord vulnerability (USN-1289-1)
2011-12-08 00:00:00
openSUSE Security Update : colord (openSUSE-2011-57)
2014-06-13 00:00:00
securityvulns
securityvulns
[USN-1289-1] colord vulnerability
2011-12-12 00:00:00
prion
prion
Sql injection
2011-12-10 17:55:00
nvd
nvd
CVE-2011-4349
2011-12-10 17:55:01
cvelist
cvelist
CVE-2011-4349
2022-10-03 16:15:14
debiancve
debiancve
CVE-2011-4349
2022-10-03 16:15:14
fedora
fedora
[SECURITY] Fedora 15 Update: colord-0.1.15-1.fc15
2011-12-05 00:24:58
[SECURITY] Fedora 16 Update: colord-0.1.15-1.fc16
2011-12-04 02:46:55
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.2%
Related for USN-1289-1