CVE-2011-4406

EUVD-2011-4335
The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
canonicalaccountsservice
𝑥
≤ 0.6.14
canonicalubuntu_linux
11.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
accountsservice
bookworm
22.08.8-6
fixed
bullseye
0.6.55-3
fixed
sid
23.13.9-7
fixed
trixie
23.13.9-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
accountsservice
hardy
dne
lucid
dne
maverick
dne
natty
not-affected
oneiric
Fixed 0.6.14-1git1ubuntu1.1
released
Common Weakness Enumeration
References
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/oneiric/accountsservice/oneiric-updates/revision/21
http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4406.html
http://www.ubuntu.com/usn/USN-1351-1
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/oneiric/accountsservice/oneiric-updates/revision/21
http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4406.html
http://www.ubuntu.com/usn/USN-1351-1