REDHAT-BUG-832532: Race Condition
First published: Fri Jun 15 2012(Updated: )
Florian Weimer found a local file disclosure flaw in accountsservice, an account management system using D-Bus for querying and manipulating user accounts. The implementation of the SetIconFile method of the org.freedesktop.Accounts.User D-Bus interface can disclose arbitrary files due to a race condition in user_change_icon_file_authorized_cb() in /usr/libexec/accounts-daemon. When this function calls get_caller_uid(), it uses PolicyKit to obtain the UID of the requesting process from /proc. At the time the UID is fetched, it may not match the original UID making the D-Bus request if the process has executed an SUID binary.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Accountsservice |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://cgit.freedesktop.org/accountsservice/commit/?id=69b526a6cd4c078732068de2ba393cf9242a404b
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=593003&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=593003&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=593044&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=593044&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=832532#c8
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=836284
- http://cgit.freedesktop.org/accountsservice/commit/?id=26213aa0e0d8dca5f36cc23f6942525224cbe9f5
- http://cgit.freedesktop.org/accountsservice/commit/?id=bd51aa4cdac380f55d607f4ffdf2ab3c00d08721
- http://cgit.freedesktop.org/accountsservice/commit/?id=4c5b12e363410e490e776e4b4a86dcce157a543d
- https://bugzilla.redhat.com/show_bug.cgi?id=832532
Frequently Asked Questions
What is the severity of REDHAT-BUG-832532?
The severity of REDHAT-BUG-832532 is considered high due to its potential for local file disclosure.
How do I fix REDHAT-BUG-832532?
To mitigate REDHAT-BUG-832532, update to the latest version of accountsservice that contains the fix.
Which software is affected by REDHAT-BUG-832532?
REDHAT-BUG-832532 affects the freedesktop accountsservice system.
What kind of vulnerability is REDHAT-BUG-832532?
REDHAT-BUG-832532 is a local file disclosure vulnerability found in accountsservice.
Can REDHAT-BUG-832532 be exploited remotely?
No, REDHAT-BUG-832532 is categorized as a local vulnerability and cannot be exploited remotely.
- collector/redhat-bugzilla
- alias/CVE-2012-2737
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/event
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/freedesktop
- canonical/red hat accountsservice