CVE-2012-2737
Description
The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
0.071
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| query and manipulate user account information (USN-1485-1) accountsservice_0.6.15-2ubuntu9.7_i386.deb | Linux |
| query and manipulate user account information (USN-1485-1) accountsservice_0.6.15-2ubuntu9.7_amd64.deb | Linux |
| query and manipulate user account information (USN-1485-1) libaccountsservice0_0.6.15-2ubuntu9.7_i386.deb | Linux |
| query and manipulate user account information (USN-1485-1) libaccountsservice0_0.6.15-2ubuntu9.7_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234