Launchpad CVE tracker

CVE 2011-3349

lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.

Related bugs and status

CVE-2011-3349 (Candidate) is related to these bugs:

Bug #806559: debconf prompt about DM to use during natty->oneiric

Summary				In	Importance	Status
	806559	debconf prompt about DM to use during natty->oneiric		lightdm (Ubuntu)	Medium	Fix Released
	806559	debconf prompt about DM to use during natty->oneiric		lightdm (Ubuntu Oneiric)	Medium	Fix Released

Bug #834079: files written as root to user-controlled folders

		In	Importance	Status
834079	files written as root to user-controlled folders	Light Display Manager	High	Fix Released
834079	files written as root to user-controlled folders	lightdm (Debian)	Unknown	Fix Released
834079	files written as root to user-controlled folders	lightdm (Ubuntu)	High	Fix Released
834079	files written as root to user-controlled folders	lightdm (Ubuntu Oneiric)	High	Fix Released

Bug #835996: lightdm.log should not be user readable

		In	Importance	Status
835996	lightdm.log should not be user readable	lightdm (Ubuntu)	Medium	Fix Released
835996	lightdm.log should not be user readable	lightdm (Ubuntu Oneiric)	Medium	Fix Released
835996	lightdm.log should not be user readable	Light Display Manager	Medium	Fix Released

Bug #844274: creating a guest session does not lock the users session

		In	Importance	Status
844274	creating a guest session does not lock the users session	lightdm (Ubuntu)	High	Fix Released
844274	creating a guest session does not lock the users session	lightdm (Ubuntu Oneiric)	High	Fix Released
844274	creating a guest session does not lock the users session	Light Display Manager	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-3349

References