CVE-2011-4349
Published: 25 November 2011
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.
Notes
Author | Note |
---|---|
tyhicks | colord runs as colord but unpriv'ed users can create devices |
Priority
Status
Package | Release | Status |
---|---|---|
colord (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
colord | lucid | Does not exist |
colord | maverick | Does not exist |
colord | natty | Does not exist |
colord | oneiric | Released (0.1.12-1ubuntu2.1) |
colord | upstream | Released (0.1.15) |

Patches:
upstream: http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b
upstream: http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e