CVE-2012-2737

Published Jul 22, 2012

Last updated 7 years ago

Overview

Description: The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 1.9
Impact score: 2.9
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-362

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F6D06E2-4F74-46DE-B9BF-1C97604CF021",
            "versionEndIncluding": "0.6.21"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9723C9C-DCE0-4A70-BE21-F84BE744B170"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E4E5A11-875E-4E50-B997-0CC42AA1529C"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "654FD8F2-7ECA-486C-847E-C2EEC84BB3E1"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BFA6933-27FE-460E-9777-FEDDBDDEB493"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D4D9B34-CD44-445B-A4A6-76ABD9FF3888"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69F9EAC8-F005-48A1-A214-A00A189650D8"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C25F666F-DB6D-434E-9A6E-EA2116161D1F"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01252CDF-C1E1-4252-800E-75BFE0D58F8B"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8DB9A31-507D-442D-BBB0-1A0BEEB2D8C1"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "493D8E98-684F-449E-BC99-DFAAA62A026C"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43265E3B-E946-414D-89CF-B9E6EE5928A7"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0200BD3-3F07-4730-957A-365DFF16C0CA"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "165A55CE-F24D-48A2-BF5C-82AD84A21863"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DF70F0E-9E79-4B31-83EF-C6CE2547EE36"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9A8BE2A-F05B-47B8-9F81-83D6B58600E7"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E67888F7-EEFC-416B-A7B2-0C316DF16F90"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "888560B6-3983-48A6-83A7-6CE37A48B682"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBCABDCE-B8B8-4509-A2D9-CC2DF0DF577C"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A298B5D-C081-4044-8D20-1312A02674A5"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF12AD26-C604-432E-ADEB-EC29AE570473"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE3C8201-8216-49C0-8216-AFE153DAEB47"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99310E73-890E-4313-9033-DC29B1DFCEAB"
          },
          {
            "criteria": "cpe:2.3:a:ray_stode:accountsservice:0.6.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47E3542C-0633-4083-A3EA-414C7E02EC97"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References