CVE-2011-1842

Severity: High

Description

dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729.

References

https://launchpad.net/ubuntu/+source/language-selector/0.6.7

https://exchange.xforce.ibmcloud.com/vulnerabilities/67255

http://www.vupen.com/english/advisories/2011/1032

http://www.ubuntuupdates.org/packages/show/307975

http://www.ubuntu.com/usn/USN-1115-1/

http://www.securityfocus.com/bid/47502

http://secunia.com/advisories/44214

Details

Source: Mitre, NVD

Published: 2011-05-03

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High