Описание
The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 0.6.15-2ubuntu10 |
| hardy | DNE | |
| lucid | DNE | |
| natty | ignored | end of life |
| oneiric | released | 0.6.14-1git1ubuntu1.2 |
| precise | released | 0.6.15-2ubuntu9.1 |
| quantal | released | 0.6.15-2ubuntu10 |
| upstream | released | 0.6.22 |
Показывать по
1.9 Low
CVSS2
Связанные уязвимости
The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.
The user_change_icon_file_authorized_cb function in /usr/libexec/accou ...
The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.
1.9 Low
CVSS2