daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.
References
Link | Resource |
---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171443.html | Third Party Advisory |
http://www.openwall.com/lists/oss-security/2015/10/14/2 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/77099 | Third Party Advisory VDB Entry |
https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86 | Vendor Advisory |
https://github.com/sddm/sddm/wiki/0.13.0-Release-Announcement | Vendor Advisory |
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171443.html | Third Party Advisory |
http://www.openwall.com/lists/oss-security/2015/10/14/2 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/77099 | Third Party Advisory VDB Entry |
https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86 | Vendor Advisory |
https://github.com/sddm/sddm/wiki/0.13.0-Release-Announcement | Vendor Advisory |
Configurations
History
21 Nov 2024, 02:23
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171443.html - Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2015/10/14/2 - Mailing List, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/77099 - Third Party Advisory, VDB Entry | |
References | () https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86 - Vendor Advisory | |
References | () https://github.com/sddm/sddm/wiki/0.13.0-Release-Announcement - Vendor Advisory |
Information
Published : 2015-11-24 20:59
Updated : 2024-11-21 02:23
NVD link : CVE-2015-0856
Mitre link : CVE-2015-0856
CVE.ORG link : CVE-2015-0856
JSON object : View
Products Affected
sddm_project
- sddm
fedoraproject
- fedora
CWE
CWE-264
Permissions, Privileges, and Access Controls