Session fixation

2014-05-2223:55:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

12.7%

JSON

debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue.

CPENameOperatorVersion
ubuntu_linuxeq11.10
lightdmeq1.1.4
lightdmeq1.1.2
lightdmeq1.1.0
lightdmeq1.1.3
lightdmeq1.0.4
lightdmeq1.0.1
lightdmeq1.0.2
lightdmeq1.1.5
lightdmeq1.0.0