Summary
Detail | |||
---|---|---|---|
Vendor | Ubuntu | First view | 2011-04-29 |
Product | Language-Selector | Last view | 2011-05-02 |
Version | 0.3.14 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:ubuntu:language-selector |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.2 | 2011-05-02 | CVE-2011-1842 | dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729. |
7.2 | 2011-04-29 | CVE-2011-0729 | dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
50% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
74178 | language-selector dbus_backend/ls-dbus-backend PolicyKit Check Result Local A... |
74177 | language-selector dbus_backend/lsd.py Multiple Function Shell Metacharacter L... |
OpenVAS Exploits
id | Description |
---|---|
2011-05-10 | Name : Ubuntu Update for language-selector USN-1115-1 File : nvt/gb_ubuntu_USN_1115_1.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2011-06-13 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1115-1.nasl - Type: ACT_GATHER_INFO |