CVE-2011-0729

Name of the Vulnerable Software and Affected Versions language-selector versions prior to 0.6.7

Description The issue allows local users to modify system files, specifically /etc/default/locale and /etc/environment, by making certain calls to the D-Bus backend. This is possible because the dbus backend/ls-dbus-backend in language-selector does not properly restrict access based on PolicyKit check results, enabling unauthorized modifications via SetSystemDefaultLangEnv or SetSystemDefaultLanguageEnv calls.

Recommendations For versions prior to 0.6.7, update to version 0.6.7 or later to resolve the issue.