17 matches found
EUVD-2011-3121
Malware in sbrugna...
GLSA-202402-02 : SDDM: Privilege Escalation
The remote host is affected by the vulnerability described in GLSA-202402-02 SDDM: Privilege Escalation - An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X...
SUSE CVE-2011-3349
lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation...
SUSE CVE-2013-4331
Light Display Manager aka LightDM 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file...
Authentication Bypass
sddm is vulnerable to authentication bypass. The X server allows unprivileged users to create a connection to the server without authentication due to an incorrect start and race condition during Xauthority file creation...
MGASA-2020-0412 Updated sddm package fixes a security vulnerability
Fabian Vogt discovered a flaw in sddm before 0.19.0. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges CVE-2020-28049...
Updated sddm package fixes a security vulnerability
Fabian Vogt discovered a flaw in sddm before 0.19.0. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges CVE-2020-28049...
Debian DSA-4783-1 : sddm - security update
Fabian Vogt discovered a flaw in sddm, a modern display manager for X11. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Race condition
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents an...
UBUNTU-CVE-2020-28049
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents an...
CVE-2011-3154
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file...
Design/Logic Flaw
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file...
DEBIAN-CVE-2013-4331
Light Display Manager aka LightDM 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file...
Fedora 20 : lightdm-1.7.15-1.fc20 (2013-16293)
New upstream bugfix release: - Correctly set permissions on Xauthority file. - Correctly set $XDG_CURRENT_DESKTOP for non-autologin sessions - Fix overallocation of array for strings from greeter. - Set XDG_VTNR=1 as a fallback if using SeatUnity without a functioning compositor or working VT...
Ubuntu Update for update-manager USN-1284-2
Ubuntu Update for Linux kernel vulnerabilities USN-1284-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN12842.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for update-manager USN-1284-2 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.n...
DEBIAN-CVE-2011-4105
LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority...
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : update-manager vulnerabilities (USN-1284-1)
David Black discovered that Update Manager incorrectly extracted the downloaded upgrade tarball before verifying its GPG signature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to replace arbitrary files. CVE-2011-3152 David Black...