CVE-2011-1842

D-Bus backend - Privilege Escalation

Title source: llm
STIX 2.1

Description

dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729.

References (8)

Core 8
Core References
Exploit, Patch x_refsource_confirm
https://launchpad.net/bugs/764397
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44214
Various Sources x_refsource_confirm
http://www.ubuntuupdates.org/packages/show/307975
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1032
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67255
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47502
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1115-1/

Scores

EPSS 0.0044
EPSS Percentile 35.4%

Details

CWE
CWE-20
Status published
Products (50)
ubuntu/language-selector 0.0\+baz20050531
ubuntu/language-selector 0.0\+baz20050609
ubuntu/language-selector 0.0\+baz20050614
ubuntu/language-selector 0.0\+baz20050808
ubuntu/language-selector 0.0\+baz20050811
ubuntu/language-selector 0.0\+baz20050819
ubuntu/language-selector 0.0\+baz20050819.2
ubuntu/language-selector 0.0\+baz20050822
ubuntu/language-selector 0.0\+baz20050823
ubuntu/language-selector 0.0\+baz20050824
... and 40 more
Published May 03, 2011
Tracked Since Feb 18, 2026