Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with no address.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-129,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lightdm_project | lightdm | 1.16.3 |
| lightdm_project | lightdm | 1.16.1 |
| lightdm_project | lightdm | 1.16.4 |
| lightdm_project | lightdm | 1.16 |
| lightdm_project | lightdm | 1.16.2 |
| lightdm_project | lightdm | 1.14.3 |
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 16.10 |
| lightdm_project | lightdm | * |
LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lightdm_project | lightdm | * |