This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ubuntu First view 2011-04-29
Product Language-Selector Last view 2011-05-02
Version 0.3.14 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:ubuntu:language-selector

Activity : Overall

Related : CVE

  Date Alert Description
7.2 2011-05-02 CVE-2011-1842

dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729.
7.2 2011-04-29 CVE-2011-0729

dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-264 Permissions, Privileges, and Access Controls
50% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
74178 language-selector dbus_backend/ls-dbus-backend PolicyKit Check Result Local A...
74177 language-selector dbus_backend/lsd.py Multiple Function Shell Metacharacter L...

OpenVAS Exploits

id Description
2011-05-10 Name : Ubuntu Update for language-selector USN-1115-1
File : nvt/gb_ubuntu_USN_1115_1.nasl

Nessus® Vulnerability Scanner

id Description
2011-06-13 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1115-1.nasl - Type: ACT_GATHER_INFO