Local Access Control Bypass in Language Selector by Ubuntu
CVE-2011-0729

Currently unrated

Key Information:

Vendor: Ubuntu
Status: Language-selector
Vendor: CVE Published:; 29 April 2011

What is CVE-2011-0729?

The language-selector component of Ubuntu before version 0.6.7 contains a vulnerability in the D-Bus backend that fails to enforce proper access controls based on PolicyKit checks. This flaw allows local users to exploit the SetSystemDefaultLangEnv and SetSystemDefaultLanguageEnv functions, enabling them to alter critical system configuration files, specifically /etc/default/locale and /etc/environment. Such unauthorized modifications can lead to system misconfigurations and potential security breaches.

References

https://launchpad.net/bugs/764397

x_refsource_CONFIRM

http://secunia.com/advisories/44214

third-party-advisoryx_refsource_SECUNIA

http://www.ubuntuupdates.org/packages/show/307975

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 29, 2011