7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7
does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2)
SetSystemDefaultLanguageEnv functions, which allows local users to gain
privileges via shell metacharacters in a string argument, a different
vulnerability than CVE-2011-0729.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.10 | noarch | language-selector | < 0.6.7 | UNKNOWN |
ubuntu | 11.04 | noarch | language-selector | < 0.33 | UNKNOWN |