Computer Security
[EN] no-pyccku

Ubuntu utilities security vulnerabilities
SecurityVulns ID:12168
Threat Level:
Description:AccountsService and Software Properties privlege escalation.
Affected:UBUNTU : Ubuntu 11.10
CVE:CVE-2011-4407 ( in Software Properties before does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.)
 CVE-2011-4406 (The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.)
Original documentdocumentUBUNTU, [USN-1352-1] Software Properties vulnerability (08.02.2012)
 documentUBUNTU, [USN-1351-1] AccountsService vulnerability (08.02.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod