Vulnerability Name:

CVE-2011-0729 (CCN-66880)

Assigned:2011-04-19
Published:2011-04-19
Updated:2011-07-14
Summary:dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2011-0729

Source: CCN
Type: Packet Storm Web site
Ubuntu Security Notice USN-1115-1

Source: CCN
Type: SA44214
Ubuntu language-selector Security Bypass Vulnerability

Source: SECUNIA
Type: Vendor Advisory
44214

Source: CCN
Type: OSVDB ID: 74177
language-selector dbus_backend/lsd.py Multiple Function Shell Metacharacter Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 74178
language-selector dbus_backend/ls-dbus-backend PolicyKit Check Result Local Access Restriction Bypass

Source: BID
Type: Patch
47502

Source: CCN
Type: BID-47502
Ubuntu language-selector Local Privilege Escalation Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-1115-1

Source: CCN
Type: Ubuntu Web site
language-selector

Source: CONFIRM
Type: UNKNOWN
http://www.ubuntuupdates.org/packages/show/307975

Source: VUPEN
Type: Vendor Advisory
ADV-2011-1032

Source: XF
Type: UNKNOWN
languageselector-dbus-command-exec(66880)

Source: CONFIRM
Type: UNKNOWN
https://launchpad.net/bugs/764397

Source: CONFIRM
Type: Patch
https://launchpad.net/ubuntu/+source/language-selector/0.6.7

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ubuntu:language-selector:0.0+baz20050531:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.0+baz20050609:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.0+baz20050614:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.0+baz20050808:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.0+baz20050811:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.0+baz20050819:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.0+baz20050819.2:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.0+baz20050822:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.0+baz20050823:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.0+baz20050824:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.0+baz20050912:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.0+baz20050926:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.0+baz20050927:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.18:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.19:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.20:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.21:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.22:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.23:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.24:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.25:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.26:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.27:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.28:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.29:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.1.30:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.10:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.11:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.12:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.13:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.14:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.15:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.16:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.17:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.20:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.3.21:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.9:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.10:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.11:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.12:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.13:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.14:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.15:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.16:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.17:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.18:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.4.19:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:0.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ubuntu:language-selector:*:*:*:*:*:*:*:* (Version <= 0.6.6)

    • Configuration CCN 1:
  • cpe:/a:ubuntu:language-selector:0.6.6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:13760
    P
    		USN-1115-1 -- language-selector vulnerability
    2014-06-30
    BACK
    ubuntu language-selector 0.0+baz20050531
    ubuntu language-selector 0.0+baz20050609
    ubuntu language-selector 0.0+baz20050614
    ubuntu language-selector 0.0+baz20050808
    ubuntu language-selector 0.0+baz20050811
    ubuntu language-selector 0.0+baz20050819
    ubuntu language-selector 0.0+baz20050819.2
    ubuntu language-selector 0.0+baz20050822
    ubuntu language-selector 0.0+baz20050823
    ubuntu language-selector 0.0+baz20050824
    ubuntu language-selector 0.0+baz20050912
    ubuntu language-selector 0.0+baz20050926
    ubuntu language-selector 0.0+baz20050927
    ubuntu language-selector 0.1
    ubuntu language-selector 0.1.1
    ubuntu language-selector 0.1.2
    ubuntu language-selector 0.1.3
    ubuntu language-selector 0.1.4
    ubuntu language-selector 0.1.5
    ubuntu language-selector 0.1.6
    ubuntu language-selector 0.1.7
    ubuntu language-selector 0.1.8
    ubuntu language-selector 0.1.9
    ubuntu language-selector 0.1.10
    ubuntu language-selector 0.1.11
    ubuntu language-selector 0.1.12
    ubuntu language-selector 0.1.13
    ubuntu language-selector 0.1.14
    ubuntu language-selector 0.1.15
    ubuntu language-selector 0.1.16
    ubuntu language-selector 0.1.17
    ubuntu language-selector 0.1.18
    ubuntu language-selector 0.1.19
    ubuntu language-selector 0.1.20
    ubuntu language-selector 0.1.21
    ubuntu language-selector 0.1.22
    ubuntu language-selector 0.1.23
    ubuntu language-selector 0.1.24
    ubuntu language-selector 0.1.25
    ubuntu language-selector 0.1.26
    ubuntu language-selector 0.1.27
    ubuntu language-selector 0.1.28
    ubuntu language-selector 0.1.29
    ubuntu language-selector 0.1.30
    ubuntu language-selector 0.2.0
    ubuntu language-selector 0.2.1
    ubuntu language-selector 0.2.2
    ubuntu language-selector 0.2.3
    ubuntu language-selector 0.2.4
    ubuntu language-selector 0.2.5
    ubuntu language-selector 0.2.6
    ubuntu language-selector 0.2.7
    ubuntu language-selector 0.2.8
    ubuntu language-selector 0.2.9
    ubuntu language-selector 0.2.10
    ubuntu language-selector 0.3.0
    ubuntu language-selector 0.3.1
    ubuntu language-selector 0.3.2
    ubuntu language-selector 0.3.3
    ubuntu language-selector 0.3.4
    ubuntu language-selector 0.3.5
    ubuntu language-selector 0.3.6
    ubuntu language-selector 0.3.7
    ubuntu language-selector 0.3.8
    ubuntu language-selector 0.3.9
    ubuntu language-selector 0.3.10
    ubuntu language-selector 0.3.11
    ubuntu language-selector 0.3.12
    ubuntu language-selector 0.3.13
    ubuntu language-selector 0.3.14
    ubuntu language-selector 0.3.15
    ubuntu language-selector 0.3.16
    ubuntu language-selector 0.3.17
    ubuntu language-selector 0.3.20
    ubuntu language-selector 0.3.21
    ubuntu language-selector 0.4.0
    ubuntu language-selector 0.4.1
    ubuntu language-selector 0.4.2
    ubuntu language-selector 0.4.2.1
    ubuntu language-selector 0.4.2.2
    ubuntu language-selector 0.4.2.3
    ubuntu language-selector 0.4.3
    ubuntu language-selector 0.4.4
    ubuntu language-selector 0.4.5
    ubuntu language-selector 0.4.6
    ubuntu language-selector 0.4.7
    ubuntu language-selector 0.4.8
    ubuntu language-selector 0.4.9
    ubuntu language-selector 0.4.10
    ubuntu language-selector 0.4.11
    ubuntu language-selector 0.4.12
    ubuntu language-selector 0.4.13
    ubuntu language-selector 0.4.14
    ubuntu language-selector 0.4.15
    ubuntu language-selector 0.4.16
    ubuntu language-selector 0.4.17
    ubuntu language-selector 0.4.18
    ubuntu language-selector 0.4.19
    ubuntu language-selector 0.5.0
    ubuntu language-selector 0.5.1
    ubuntu language-selector 0.5.2
    ubuntu language-selector 0.5.3
    ubuntu language-selector 0.5.4
    ubuntu language-selector 0.5.5
    ubuntu language-selector 0.5.6
    ubuntu language-selector 0.5.7
    ubuntu language-selector 0.6.0
    ubuntu language-selector 0.6.1
    ubuntu language-selector 0.6.2
    ubuntu language-selector 0.6.3
    ubuntu language-selector 0.6.4
    ubuntu language-selector 0.6.5
    ubuntu language-selector *
    ubuntu language-selector 0.6.6