Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-2737

Опубликовано: 22 июл. 2012
Источник: nvd
CVSS2: 1.9
EPSS Низкий

Описание

The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ray_stode:accountsservice:*:*:*:*:*:*:*:*
Версия до 0.6.21 (включая)
cpe:2.3:a:ray_stode:accountsservice:0.4:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.5:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.5:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.6:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.7:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.8:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.9:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.10:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.11:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.12:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.13:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.14:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.15:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.16:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.17:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.18:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.19:*:*:*:*:*:*:*
cpe:2.3:a:ray_stode:accountsservice:0.6.20:*:*:*:*:*:*:*

EPSS

Процентиль: 22%
0.00071
Низкий

1.9 Low

CVSS2

Дефекты

CWE-362

Связанные уязвимости

ubuntu логотип

CVE-2012-2737

ubuntu
больше 13 лет назад

The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.

debian логотип

CVE-2012-2737

debian
больше 13 лет назад

The user_change_icon_file_authorized_cb function in /usr/libexec/accou ...

github логотип

GHSA-26ch-x2j2-w6vx

github
больше 3 лет назад

The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.

EPSS

Процентиль: 22%
0.00071
Низкий

1.9 Low

CVSS2

Дефекты

CWE-362