CVE-2011-4406

The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:P
canonicalCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
canonicalaccountsservice
𝑥
≤ 0.6.14
canonicalubuntu_linux
11.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
accountsservice
bullseye
0.6.55-3
fixed
bookworm
22.08.8-6
fixed
sid
23.13.9-7
fixed
trixie
23.13.9-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
accountsservice
oneiric
Fixed 0.6.14-1git1ubuntu1.1
released
natty
not-affected
maverick
dne
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/oneiric/accountsservice/oneiric-updates/revision/21
http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4406.html
http://www.ubuntu.com/usn/USN-1351-1
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/oneiric/accountsservice/oneiric-updates/revision/21
http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4406.html
http://www.ubuntu.com/usn/USN-1351-1