Local Access Control Bypass in Language Selector by Ubuntu
CVE-2011-0729

Currently unrated

Key Information:

Vendor

Ubuntu

Status
Language-selector
Vendor
CVE Published:
29 April 2011

What is CVE-2011-0729?

The language-selector component of Ubuntu before version 0.6.7 contains a vulnerability in the D-Bus backend that fails to enforce proper access controls based on PolicyKit checks. This flaw allows local users to exploit the SetSystemDefaultLangEnv and SetSystemDefaultLanguageEnv functions, enabling them to alter critical system configuration files, specifically /etc/default/locale and /etc/environment. Such unauthorized modifications can lead to system misconfigurations and potential security breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://launchpad.net/bugs/764397
x_refsource_CONFIRM
http://secunia.com/advisories/44214
third-party-advisoryx_refsource_SECUNIA
http://www.ubuntuupdates.org/packages/show/307975
x_refsource_CONFIRM

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.