Computer Security
[EN] securityvulns.ru no-pyccku


Ubuntu utilities security vulnerabilities
Published:08.02.2012
Source:
SecurityVulns ID:12168
Type:local
Threat Level:
5/10
Description:AccountsService and Software Properties privlege escalation.
Affected:UBUNTU : Ubuntu 11.10
CVE:CVE-2011-4407 (ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.)
 CVE-2011-4406 (The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.)
Original documentdocumentUBUNTU, [USN-1352-1] Software Properties vulnerability (08.02.2012)
 documentUBUNTU, [USN-1351-1] AccountsService vulnerability (08.02.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod