Published: 13/07/2018 Updated: 06/09/2018

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Directory Traversal with ../ sequences occurs in AccountsService prior to 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freedesktop accountsservice

Debian Bug report logs - #903828 accountsservice: CVE-2018-14036: insufficient path check in user_change_icon_file_authorized_cb() in userc Package: src:accountsservice; Maintainer for src:accountsservice is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonac ...

Directory Traversal with / sequences occurs in AccountsService before 0650 because of an insufficient path check in user_change_icon_file_authorized_cb() in userc ...

CWE-22 https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a https://bugzilla.suse.com/show_bug.cgi?id=1099699 https://bugs.freedesktop.org/show_bug.cgi?id=107085 http://www.openwall.com/lists/oss-security/2018/07/02/2 http://www.securityfocus.com/bid/104757 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903828 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-14036

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect