RETIRED: LightDM '.Xauthority' Arbitrary File Access Vulnerability
BID:50685
Info
RETIRED: LightDM '.Xauthority' Arbitrary File Access Vulnerability
| Bugtraq ID: | 50685 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 15 2011 12:00AM |
| Updated: | Feb 21 2012 11:40PM |
| Credit: | Reported by the vendor |
| Vulnerable: |
Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 freedesktop.org LightDM 1.0.5 freedesktop.org LightDM 1.0.4 |
| Not Vulnerable: |
freedesktop.org LightDM 1.0.6 |
Discussion
RETIRED: LightDM '.Xauthority' Arbitrary File Access Vulnerability
Light Display Manager (LightDM) is prone to an arbitrary file-access vulnerability.
Local attackers can exploit this issue to read or write to arbitrary files. This may lead to further attacks.
This BID is being retired as a duplicate of the issue discussed in BID 50511 (LightDM 'xsession_setup()' Symlink Attack Local Privilege Escalation Vulnerability).
Light Display Manager (LightDM) is prone to an arbitrary file-access vulnerability.
Local attackers can exploit this issue to read or write to arbitrary files. This may lead to further attacks.
This BID is being retired as a duplicate of the issue discussed in BID 50511 (LightDM 'xsession_setup()' Symlink Attack Local Privilege Escalation Vulnerability).
Exploit / POC
RETIRED: LightDM '.Xauthority' Arbitrary File Access Vulnerability
An attacker uses readily available commands to exploit the issues.
An attacker uses readily available commands to exploit the issues.
Solution / Fix
RETIRED: LightDM '.Xauthority' Arbitrary File Access Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
RETIRED: LightDM '.Xauthority' Arbitrary File Access Vulnerability
References:
References:
- lightdm 1.0.6-0ubuntu1.1 source package in Ubuntu (Ubuntu)
- Ubuntu Homepage (Ubuntu)
- USN-1262-1: Light Display Manager vulnerabilities (Ubuntu)