The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService prior to 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
ray stode accountsservice 0.6.19 |
||
ray stode accountsservice 0.6.18 |
||
ray stode accountsservice 0.6.11 |
||
ray stode accountsservice 0.6.10 |
||
ray stode accountsservice 0.6.2 |
||
ray stode accountsservice 0.6.1 |
||
ray stode accountsservice 0.6.17 |
||
ray stode accountsservice 0.6.16 |
||
ray stode accountsservice 0.6.9 |
||
ray stode accountsservice 0.6.8 |
||
ray stode accountsservice 0.6.7 |
||
ray stode accountsservice 0.6.15 |
||
ray stode accountsservice 0.6.14 |
||
ray stode accountsservice 0.6.6 |
||
ray stode accountsservice 0.6.5 |
||
ray stode accountsservice 0.4 |
||
ray stode accountsservice 0.6 |
||
ray stode accountsservice 0.5 |
||
ray stode accountsservice |
||
ray stode accountsservice 0.6.20 |
||
ray stode accountsservice 0.6.13 |
||
ray stode accountsservice 0.6.12 |
||
ray stode accountsservice 0.6.4 |
||
ray stode accountsservice 0.6.3 |
Vulmon