Описание
dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729.
dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-1842
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67255
- https://launchpad.net/bugs/764397
- https://launchpad.net/ubuntu/+source/language-selector/0.6.7
- http://secunia.com/advisories/44214
- http://www.securityfocus.com/bid/47502
- http://www.ubuntu.com/usn/USN-1115-1
- http://www.ubuntuupdates.org/packages/show/307975
- http://www.vupen.com/english/advisories/2011/1032
Связанные уязвимости
dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729.
dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729.