Published: 05/04/2017 Updated: 16/08/2017

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3

VMScore: 695

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

In LightDM up to and including 1.22.0, a directory traversal issue in debian/guest-account.sh allows local malicious users to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.

Vulnerable Product	Search on Vulmon	Subscribe to Product
lightdm project lightdm
canonical ubuntu linux 16.10
canonical ubuntu linux 16.04

LightDM could be made to run programs as an administrator ...

In LightDM through 1220, a directory traversal issue in debian/guest-accountsh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out ...

Source: blogssecuriteamcom/indexphp/archives/3134 Vulnerability Summary The following advisory describes a local privilege escalation via LightDM found in Ubuntu versions 1610 / 1604 LTS Ubuntu is an open source software platform that runs everywhere from IoT devices, the smartphone, the tablet and the PC to the server and the cloud ...

This advisory describes a local privilege escalation via guest-account in LightDM found in Ubuntu versions 1610 / 1604 LTS ...

CWE-22 https://www.ubuntu.com/usn/usn-3255-1/https://lists.freedesktop.org/archives/lightdm/2017-April/001059.html https://launchpad.net/bugs/1677924 http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/2478 http://www.securityfocus.com/bid/97486 https://www.exploit-db.com/exploits/41923/https://usn.ubuntu.com/3255-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/41923/

CVE-2017-7358

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect