CVE-2011-4349

Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b
http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070450.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070518.html
http://secunia.com/advisories/46940	Vendor Advisory
http://secunia.com/advisories/47160	Vendor Advisory
http://ubuntu.com/usn/usn-1289-1
http://www.openwall.com/lists/oss-security/2011/11/25/3
http://www.openwall.com/lists/oss-security/2011/11/25/4
http://www.securityfocus.com/bid/50814
https://bugs.freedesktop.org/show_bug.cgi?id=42904	Patch
https://bugzilla.redhat.com/show_bug.cgi?id=757171

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:freedesktop:colord::::::::
	cpe:2.3:a:freedesktop:colord:0.1.0:::::::*
	cpe:2.3:a:freedesktop:colord:0.1.1:::::::*
	cpe:2.3:a:freedesktop:colord:0.1.2:::::::*
	cpe:2.3:a:freedesktop:colord:0.1.3:::::::*
	cpe:2.3:a:freedesktop:colord:0.1.4:::::::*
	cpe:2.3:a:freedesktop:colord:0.1.5:::::::*
	cpe:2.3:a:freedesktop:colord:0.1.6:::::::*
	cpe:2.3:a:freedesktop:colord:0.1.7:::::::*
	cpe:2.3:a:freedesktop:colord:0.1.8:::::::*
	cpe:2.3:a:freedesktop:colord:0.1.9:::::::*
	cpe:2.3:a:freedesktop:colord:0.1.10:::::::*
	cpe:2.3:a:freedesktop:colord:0.1.11:::::::*
	cpe:2.3:a:freedesktop:colord:0.1.12:::::::*
	cpe:2.3:a:freedesktop:colord:0.1.13:::::::*

History

No history.

Information

Published : 2011-12-10 17:55

Updated : 2023-12-10 11:03

NVD link : CVE-2011-4349

Mitre link : CVE-2011-4349

CVE.ORG link : CVE-2011-4349

JSON object : View

Products Affected

freedesktop

colord

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2011-4349", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-12-10T17:55:01.600", "references": [{"url": "http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b", "source": "secalert@redhat.com"}, {"url": "http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070450.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070518.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/46940", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/47160", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://ubuntu.com/usn/usn-1289-1", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2011/11/25/3", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2011/11/25/4", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/50814", "source": "secalert@redhat.com"}, {"url": "https://bugs.freedesktop.org/show_bug.cgi?id=42904", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=757171", "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en (1) cd-mapping-db.c y (2) CD-dispositivo-db.c en colord antes de v0.1.15 permite a usuarios locales ejecutar comandos SQL a trav\u00e9s de vectores relacionados con los dispositivos de color y (a) el Identificador del dispositivo, (b) la propiedad o (c) el Identificador del perfil."}], "lastModified": "2011-12-12T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:freedesktop:colord:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD9D7F67-B0B9-4718-A4AD-43E11CB911D6", "versionEndIncluding": "0.1.14"}, {"criteria": "cpe:2.3:a:freedesktop:colord:0.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76935BB4-6F70-4330-8095-1C678E5008B2"}, {"criteria": "cpe:2.3:a:freedesktop:colord:0.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0151925-B3FD-4F66-873D-5D02D4EE5279"}, {"criteria": "cpe:2.3:a:freedesktop:colord:0.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "929CE81F-9E67-4AC0-8F2D-0B42173A86D7"}, {"criteria": "cpe:2.3:a:freedesktop:colord:0.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71A33D61-1580-4482-BFB2-F85DC9FA3EDD"}, {"criteria": "cpe:2.3:a:freedesktop:colord:0.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53AF414A-06D5-4C18-80E9-728BDBB89BF5"}, {"criteria": "cpe:2.3:a:freedesktop:colord:0.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2C0CA8E-D04C-4A65-9398-820D10367F6D"}, {"criteria": "cpe:2.3:a:freedesktop:colord:0.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AC9D44E-7100-489A-BC2A-FFCFF0981B19"}, {"criteria": "cpe:2.3:a:freedesktop:colord:0.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "212E062D-8254-4925-9BEA-316B0AB45F79"}, {"criteria": "cpe:2.3:a:freedesktop:colord:0.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1ED10031-E979-4F25-B8B4-7AD251CBFAD9"}, {"criteria": "cpe:2.3:a:freedesktop:colord:0.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93945AC7-C34D-43BC-9371-68039D851DDE"}, {"criteria": "cpe:2.3:a:freedesktop:colord:0.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B971026A-0D3B-4125-A6F1-A8E0C81493F1"}, {"criteria": "cpe:2.3:a:freedesktop:colord:0.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D496542A-7EC5-4D56-AAA8-D781470EFFFD"}, {"criteria": "cpe:2.3:a:freedesktop:colord:0.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4028A7D6-82F5-4F46-84CF-BEC034675EDA"}, {"criteria": "cpe:2.3:a:freedesktop:colord:0.1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D3CE7CE-CBF5-45B0-BCB2-D6C88588FAA1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}