CVE-2015-0856

daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.
Configurations

Configuration 1 (hide)

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:sddm_project:sddm:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:23

Type Values Removed Values Added
References () http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171443.html - Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171443.html - Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2015/10/14/2 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2015/10/14/2 - Mailing List, Third Party Advisory
References () http://www.securityfocus.com/bid/77099 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/77099 - Third Party Advisory, VDB Entry
References () https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86 - Vendor Advisory () https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86 - Vendor Advisory
References () https://github.com/sddm/sddm/wiki/0.13.0-Release-Announcement - Vendor Advisory () https://github.com/sddm/sddm/wiki/0.13.0-Release-Announcement - Vendor Advisory

Information

Published : 2015-11-24 20:59

Updated : 2024-11-21 02:23


NVD link : CVE-2015-0856

Mitre link : CVE-2015-0856

CVE.ORG link : CVE-2015-0856


JSON object : View

Products Affected

sddm_project

  • sddm

fedoraproject

  • fedora
CWE
CWE-264

Permissions, Privileges, and Access Controls