6 matches found
CVE-2012-0943
CVE-2012-0943 concerns debian/guest-account in LightDM (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu 11.10. Affected component: guest-account cleanup in LightDM; root cause described as a vulnerability allowing local users to delete arbitrary files via a space in the name...
CVE-2011-3153
CVE-2011-3153 affects LightDM (Light Display Manager). The vulnerability is in dmrc.c and allows local users to read arbitrary files via a symlink attack on ~/.dmrc, valid for LightDM versions before 1.1.1. Impact is local confidentiality exposure; no remote access required. OpenSUSE and SUSE adv...
CVE-2011-4105
CVE-2011-4105 affects LightDM prior to 1.0.6. A local user can change the ownership of arbitrary files via a symlink attack on ~/.Xauthority. This is a local-privilege/teardown-style issue, with low CVSS in the base data but clear impact on file ownership. Remediation: upgrade LightDM to 1.0.6 or...
CVE-2013-4331
CVE-2013-4331 affects LightDM (Light Display Manager) versions 1.4.x up to 1.4.3, 1.6.x up to 1.6.2, and 1.7.x up to 1.7.14. The issue is that the temporary .Xauthority file uses 0664 permissions, enabling local users to read it and obtain sensitive information. Reported in multiple sources (e.g....
CVE-2013-4459
LightDM vulnerability CVE-2013-4459 affects LightDM 1.7.5–1.8.3 and 1.9.x prior to 1.9.2, where the AppArmor profile was not applied to the Guest account, allowing local users to bypass intended restrictions. Impact is local information exposure and a potential bypass of guest-restricted controls...
CVE-2012-1111
CVE-2012-1111 affects lightdm prior to 1.0.9. The issue is failure to properly close file descriptors before starting a child process, allowing local users to write to the lightdm log (and other unspecified impact). Remediation: upgrade to lightdm 1.0.9 or later (patches addressing this flaw). If...