Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2737

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2012-2737
Last Modified 30 Oct 2012 12:05:00
Published 22 Jul 2012 01:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2737

Summary

The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.

Vulnerable Systems

Application

  • Ray Stode Accountsservice 0.4

  • Ray Stode Accountsservice 0.5

  • Ray Stode Accountsservice 0.6

  • Ray Stode Accountsservice 0.6.1

  • Ray Stode Accountsservice 0.6.10

  • Ray Stode Accountsservice 0.6.11

  • Ray Stode Accountsservice 0.6.12

  • Ray Stode Accountsservice 0.6.13

  • Ray Stode Accountsservice 0.6.14

  • Ray Stode Accountsservice 0.6.15

  • Ray Stode Accountsservice 0.6.16

  • Ray Stode Accountsservice 0.6.17

  • Ray Stode Accountsservice 0.6.18

  • Ray Stode Accountsservice 0.6.19

  • Ray Stode Accountsservice 0.6.2

  • Ray Stode Accountsservice 0.6.20

  • Ray Stode Accountsservice 0.6.21

  • Ray Stode Accountsservice 0.6.3

  • Ray Stode Accountsservice 0.6.4

  • Ray Stode Accountsservice 0.6.5

  • Ray Stode Accountsservice 0.6.6

  • Ray Stode Accountsservice 0.6.7

  • Ray Stode Accountsservice 0.6.8

  • Ray Stode Accountsservice 0.6.9


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=832532

XF - accountsservice-userchangeicon-info-disc(76648)

UBUNTU - USN-1485-1

BID - 54223

MLIST - [oss-security] 20120628 accountsservice local file disclosure flaw (CVE-2012-2737)

SECUNIA - 49759

SECUNIA - 49695

OSVDB - 83398

FEDORA - FEDORA-2012-10120

CONFIRM - http://cgit.freedesktop.org/accountsservice/commit/?id=bd51aa4cdac380f55d607f4ffdf2ab3c00d08721

CONFIRM - http://cgit.freedesktop.org/accountsservice/commit/?id=4c5b12e363410e490e776e4b4a86dcce157a543d

CONFIRM - http://cgit.freedesktop.org/accountsservice/commit/?id=27f3d93a82fde4f6c7ab54f3f008af04f93f9c69

CONFIRM - http://cgit.freedesktop.org/accountsservice/commit/?id=26213aa0e0d8dca5f36cc23f6942525224cbe9f5

SUSE - openSUSE-SU-2012:0845


Last Updated: 27 May 2016 10:54:56