Vulnerability Description
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freedesktop | Colord | <= 0.1.14 |
Related Weaknesses (CWE)
References
- http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac
- http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd27
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070450.h
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070518.h
- http://secunia.com/advisories/46940Vendor Advisory
- http://secunia.com/advisories/47160Vendor Advisory
- http://ubuntu.com/usn/usn-1289-1
- http://www.openwall.com/lists/oss-security/2011/11/25/3
- http://www.openwall.com/lists/oss-security/2011/11/25/4
- http://www.securityfocus.com/bid/50814
- https://bugs.freedesktop.org/show_bug.cgi?id=42904Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=757171
- http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac
- http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd27
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070450.h
FAQ
What is CVE-2011-4349?
CVE-2011-4349 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices an...
How severe is CVE-2011-4349?
CVE-2011-4349 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4349?
Check the references section above for vendor advisories and patch information. Affected products include: Freedesktop Colord.