CVE-2011-4406

high

Description

The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.

References

http://www.ubuntu.com/usn/USN-1351-1

http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4406.html

http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/oneiric/accountsservice/oneiric-updates/revision/21

Details

Source: Mitre, NVD

Published: 2014-04-16

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P

Severity: Low

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00053

Detections

Analytics