CVE-2011-4406 : The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properl

The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.

Published 2014-04-16 18:37:12

Updated 2025-04-12 10:46:41

Source Canonical Ltd.

View at NVD, CVE.org

Products affected by CVE-2011-4406

Canonical » Ubuntu Linux » Version: 11.10
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
Matching versions
Canonical » Accountsservice
Versions up to, including, (<=) 0.6.14
cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-4406

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 14 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-4406

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.6	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:P	3.9	4.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2011-4406

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-4406

http://www.ubuntu.com/usn/USN-1351-1

USN-1351-1: AccountsService vulnerability | Ubuntu security notices
Vendor Advisory
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/oneiric/accountsservice/oneiric-updates/revision/21

~ubuntu-branches/ubuntu/oneiric/accountsservice/oneiric-updates : revision 21
Patch
http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4406.html

CVE-2011-4406 in Ubuntu

Jump to

Vulnerability Details : CVE-2011-4406

Products affected by CVE-2011-4406

Exploit prediction scoring system (EPSS) score for CVE-2011-4406

CVSS scores for CVE-2011-4406

CWE ids for CVE-2011-4406

References for CVE-2011-4406