FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

AccountsService -- Insufficient path check in user_change_icon_file_authorized_cb()

Affected packages
accountsservice < 0.6.50

Details

VuXML ID 75aae50b-9e3c-11eb-9bc3-8c164582fbac
Discovery 2018-07-13
Entry 2021-04-15

NVD reports:

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

References

CVE Name CVE-2018-14036
URL http://www.openwall.com/lists/oss-security/2018/07/02/2
URL https://bugs.freedesktop.org/show_bug.cgi?id=107085
URL https://bugzilla.suse.com/show_bug.cgi?id=1099699
URL https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a
URL https://nvd.nist.gov/vuln/detail/CVE-2018-14036
URL https://www.securityfocus.com/bid/104757