Privilege Escalation Vulnerability in Language Selector by Ubuntu
CVE-2011-1842

Currently unrated

Key Information:

Vendor: Ubuntu
Status: Language-selector
Vendor: CVE Published:; 3 May 2011

What is CVE-2011-1842?

The Language Selector in Ubuntu prior to version 0.6.7 contains a vulnerability in its D-Bus backend, specifically within the dbus_backend/lsd.py file. It fails to properly validate input arguments for the SetSystemDefaultLangEnv and SetSystemDefaultLanguageEnv functions. This oversight allows local users to exploit the system by injecting shell metacharacters into string arguments, potentially escalating their privileges. This issue highlights the importance of input validation in ensuring the security of system functions.

References

https://launchpad.net/bugs/764397

x_refsource_CONFIRM

http://secunia.com/advisories/44214

third-party-advisoryx_refsource_SECUNIA

http://www.ubuntuupdates.org/packages/show/307975

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2011
Vulnerability Reserved
May 2, 2011