Home > Vulnerability Database > CVE-2012-2737

Mend.io Vulnerability Database

CVE-2012-2737

Good to know:

Date: July 22, 2012

The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.

Language: C++

Severity Score

2.9

Related Resources (17)

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-2737

Url: https://hermes.opensuse.org/messages/15100967

Url: http://www.ubuntu.com/usn/USN-1485-1

Url: http://www.openwall.com/lists/oss-security/2012/06/28/9

Url: http://cgit.freedesktop.org/accountsservice/commit/?id=26213aa0e0d8dca5f36cc23f6942525224cbe9f5

Url: http://secunia.com/advisories/49759

Url: http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083359.html

Url: http://cgit.freedesktop.org/accountsservice/commit/?id=4c5b12e363410e490e776e4b4a86dcce157a543d

Url: http://www.securityfocus.com/bid/54223

Url: http://osvdb.org/83398

Url: http://cgit.freedesktop.org/accountsservice/commit/?id=bd51aa4cdac380f55d607f4ffdf2ab3c00d08721

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-2737

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/76648

Url: http://secunia.com/advisories/49695

Url: https://bugzilla.redhat.com/show_bug.cgi?id=832532

Url: http://cgit.freedesktop.org/accountsservice/commit/?id=27f3d93a82fde4f6c7ab54f3f008af04f93f9c69

Url: https://www.mend.io/vulnerability-database/CVE-2012-2737

Severity Score

2.9

Weakness Type (CWE)

Race Conditions

CWE-362

Top Fix

Upgrade Version

Upgrade to version 1.1.4

Learn More

CVSS v3.1

Base Score:	2.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	1.9
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-2737

Good to know:

Date: July 22, 2012

Language: C++

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?