Unrated severityNVD Advisory· Published Jul 22, 2012· Updated Apr 29, 2026
CVE-2012-2737
CVE-2012-2737
Description
The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.
Affected products
24cpe:2.3:a:ray_stode:accountsservice:*:*:*:*:*:*:*:*+ 23 more
- cpe:2.3:a:ray_stode:accountsservice:*:*:*:*:*:*:*:*range: <=0.6.21
- cpe:2.3:a:ray_stode:accountsservice:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.15:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.17:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.18:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.19:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.20:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:ray_stode:accountsservice:0.6.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- cgit.freedesktop.org/accountsservice/commit/nvdExploitPatch
- cgit.freedesktop.org/accountsservice/commit/nvdExploitPatch
- cgit.freedesktop.org/accountsservice/commit/nvdExploitPatch
- secunia.com/advisories/49695nvdVendor Advisory
- secunia.com/advisories/49759nvdVendor Advisory
- cgit.freedesktop.org/accountsservice/commit/nvd
- lists.fedoraproject.org/pipermail/package-announce/2012-July/083359.htmlnvd
- osvdb.org/83398nvd
- www.openwall.com/lists/oss-security/2012/06/28/9nvd
- www.securityfocus.com/bid/54223nvd
- www.ubuntu.com/usn/USN-1485-1nvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/76648nvd
- hermes.opensuse.org/messages/15100967nvd
News mentions
0No linked articles in our index yet.