LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/98554 | Third Party Advisory VDB Entry |
https://launchpad.net/bugs/1663157 | Issue Tracking Patch Vendor Advisory |
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.html | Patch Vendor Advisory |
https://www.ubuntu.com/usn/usn-3285-1/ | Patch Vendor Advisory |
http://www.securityfocus.com/bid/98554 | Third Party Advisory VDB Entry |
https://launchpad.net/bugs/1663157 | Issue Tracking Patch Vendor Advisory |
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.html | Patch Vendor Advisory |
https://www.ubuntu.com/usn/usn-3285-1/ | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 03:34
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/98554 - Third Party Advisory, VDB Entry | |
References | () https://launchpad.net/bugs/1663157 - Issue Tracking, Patch, Vendor Advisory | |
References | () https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.html - Patch, Vendor Advisory | |
References | () https://www.ubuntu.com/usn/usn-3285-1/ - Patch, Vendor Advisory |
Information
Published : 2017-05-12 07:29
Updated : 2024-11-21 03:34
NVD link : CVE-2017-8900
Mitre link : CVE-2017-8900
CVE.ORG link : CVE-2017-8900
JSON object : View
Products Affected
lightdm_project
- lightdm
canonical
- ubuntu_linux
CWE