4 matches found
CVE-2017-7358
LightDM before 1.22.0 is affected by a directory traversal flaw in debian/guest-account.sh that allows a local attacker to resolve arbitrary directory paths and escalate to root when the guest user logs out. The flaw is documented across multiple sources (e.g., CNVD-2017-05229, OSV, NVD) and is a...
CVE-2011-3349
LightDM before 0.9.6 writes in .dmrc and Xauthority files with root permissions while the files are in user-controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation. Exploitation status is not provided in the linked documents; no...
CVE-2017-8900
CVE-2017-8900 affects LightDM up to version 1.22.0 when used with systemd on Ubuntu 16.10 and 17.x. A physically proximate attacker can establish a guest session and bypass AppArmor restrictions to access arbitrary users’ home directories, exposing confidential data. The issue is documented in mu...
CVE-2015-8316
CVE-2015-8316 affects LightDM. The vuln is an array index error in LightDM when the XDMCP server is enabled, allowing a remote attacker to cause a denial of service (process crash). Impact is described for affected versions: LightDM 1.14.3 and 1.16.x before 1.16.6 . The entry notes the attack is ...