QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2737

Published: Jul 22, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

http://cgit.freedesktop.org/accountsservice/commit/?id=bd51aa4cdac380f55d607f4ffdf2ab3c00d08721

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_UBUNTU

https://bugzilla.redhat.com/show_bug.cgi?id=832532

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_OSVDB

accountsservice-userchangeicon-info-disc(76648)

vdb-entry

x_refsource_XF

openSUSE-SU-2012:0845

vendor-advisory

x_refsource_SUSE

http://cgit.freedesktop.org/accountsservice/commit/?id=26213aa0e0d8dca5f36cc23f6942525224cbe9f5

x_refsource_CONFIRM

http://cgit.freedesktop.org/accountsservice/commit/?id=27f3d93a82fde4f6c7ab54f3f008af04f93f9c69

x_refsource_CONFIRM

[oss-security] 20120628 accountsservice local file disclosure flaw (CVE-2012-2737)

mailing-list

x_refsource_MLIST

FEDORA-2012-10120

vendor-advisory

x_refsource_FEDORA

http://cgit.freedesktop.org/accountsservice/commit/?id=4c5b12e363410e490e776e4b4a86dcce157a543d

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.