colord Multiple SQL Injection Vulnerabilities

Bugtraq ID:	50814
Class:	Input Validation Error
CVE:	CVE-2011-4349
Remote:	Yes
Local:	No
Published:	Nov 14 2011 12:00AM
Updated:	May 07 2015 05:03PM
Credit:	The vendor
Vulnerable:	Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 colord colord 0
Not Vulnerable:

colord Multiple SQL Injection Vulnerabilities

colord is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

colord Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

colord Multiple SQL Injection Vulnerabilities

Solution:
Updates are available. Please see the references for more information.

colord Multiple SQL Injection Vulnerabilities

References:

• (CVE-2011-4349) CVE-2011-4349 colord: Multiple SQL injection flaws in database r (Red Hat)
  
• Bug 42904 - Use sqlite3_mprintf() to avoid SQL injections (Richard Hughes 2011)
  
• Bug 698250 - colord: new dbus and polkit rules (Richard Hughes 2011)
  
• colord Homepage (Richard Hughes)