8 matches found
Ubuntu: Security Advisory (USN-4533-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 20.04 LTS : LTSP Display Manager vulnerabilities (USN-4533-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4533-1 advisory. Veeti Vetelinen discovered that the LTSP Display Manager ldm incorrectly handled user logins from unsupported shells. A local attacker could possibly use this iss...
Debian: Security Advisory (DLA-2064-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2064-1] ldm security update
Package : ldm Version : 2:2.2.15-2+deb8u1 CVE ID : CVE-2019-20373 Debian Bug : 948538 It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project incorrectly parsed responses from an SSH server which could result in local root privilege escalation. For...
Debian DSA-4601-1 : ldm - security update
It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project, incorrectly parsed responses from an SSH server, which could result in local root privilege escalation. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
CVE-2019-20373
LTSP LDM through 2.18.06 allows fat-client root access because the LDMUSERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script...
CVE-2019-20373
LTSP LDM through 2.18.06 allows fat-client root access because the LDMUSERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script...
CVE-2019-20373
CVE-2019-20373 affects LTSP’s Display Manager (ldm) up to version 2.18.06. A local attacker can gain root by exploiting an empty LDM_USERNAME when a user’s shell lacks Bourne shell syntax support, via the run-x-session script. The issue is a local privilege escalation in LTSP LDM. Affected deploy...