MidnightBSD

Advisories for robert_ancell

CVE-2011-4105 LOW

LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
robert_ancell lightdm *
robert_ancell lightdm 0.2.0
robert_ancell lightdm 1.0.4
robert_ancell lightdm 0.2.3
robert_ancell lightdm 0.3.3
robert_ancell lightdm 0.9.8
robert_ancell lightdm 0.1.2
robert_ancell lightdm 0.9.2
robert_ancell lightdm 1.0.1
robert_ancell lightdm 0.4.4
robert_ancell lightdm 0.9.4
robert_ancell lightdm 0.3.6
robert_ancell lightdm 1.0.3
robert_ancell lightdm 0.3.5
robert_ancell lightdm 0.2.1
robert_ancell lightdm 1.1.0
robert_ancell lightdm 0.2.2
robert_ancell lightdm 0.3.2
robert_ancell lightdm 0.9.3
robert_ancell lightdm 0.0.1
robert_ancell lightdm 0.0.3
robert_ancell lightdm 0.4.3
robert_ancell lightdm 1.0.0
robert_ancell lightdm 0.9.1
robert_ancell lightdm 0.3.0
robert_ancell lightdm 0.1.0
robert_ancell lightdm 0.4.0
robert_ancell lightdm 0.3.1
robert_ancell lightdm 0.9.0
robert_ancell lightdm 1.0.2
robert_ancell lightdm 0.1.1
robert_ancell lightdm 0.0.4
robert_ancell lightdm 0.9.7
robert_ancell lightdm 0.4.2
robert_ancell lightdm 0.9.5
robert_ancell lightdm 0.0.2
robert_ancell lightdm 0.9.6
robert_ancell lightdm 0.4.1
robert_ancell lightdm 0.3.4
CVE-2013-4331 LOW

Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
robert_ancell lightdm 1.4.1
robert_ancell lightdm 1.7.0
robert_ancell lightdm 1.7.5
robert_ancell lightdm 1.7.9
robert_ancell lightdm 1.7.7
robert_ancell lightdm 1.7.13
robert_ancell lightdm 1.7.12
robert_ancell lightdm 1.7.8
robert_ancell lightdm 1.7.6
robert_ancell lightdm 1.7.4
robert_ancell lightdm 1.6.0
robert_ancell lightdm 1.7.10
robert_ancell lightdm 1.4.2
robert_ancell lightdm 1.7.2
robert_ancell lightdm 1.4.0
robert_ancell lightdm 1.7.3
robert_ancell lightdm 1.6.1
robert_ancell lightdm 1.7.1
robert_ancell lightdm 1.7.11
CVE-2013-4459 LOW

LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
robert_ancell lightdm 1.7.18
robert_ancell lightdm 1.7.5
robert_ancell lightdm 1.7.9
canonical ubuntu_linux 13.10
robert_ancell lightdm 1.7.7
robert_ancell lightdm 1.7.13
robert_ancell lightdm 1.7.16
robert_ancell lightdm 1.7.12
robert_ancell lightdm 1.7.8
robert_ancell lightdm 1.7.6
robert_ancell lightdm 1.7.14
robert_ancell lightdm 1.8.3
robert_ancell lightdm 1.7.10
robert_ancell lightdm 1.7.17
robert_ancell lightdm 1.9.0
robert_ancell lightdm 1.7.15
robert_ancell lightdm 1.8.1
robert_ancell lightdm 1.9.1
robert_ancell lightdm 1.7.11
robert_ancell lightdm 1.8.0
robert_ancell lightdm 1.8.2