This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Robert Ancell First view 2012-02-17
Product Lightdm Last view 2014-10-27
Version 0.1.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:robert_ancell:lightdm

Activity : Overall

Related : CVE

  Date Alert Description
4.6 2014-10-27 CVE-2012-1111

lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact.

1.9 2014-03-06 CVE-2011-3153

dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.

1.9 2012-02-17 CVE-2011-4105

LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.

CWE : Common Weakness Enumeration

%idName
66% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
33% (1) CWE-200 Information Exposure

Open Source Vulnerability Database (OSVDB)

id Description
77176 LightDM ~/.dmrc File Handling Local Symlink Arbitrary File Access
76835 LightDM src/xsession.c xsession_setup() Function /.Xauthority File Symlink Ow...

OpenVAS Exploits

id Description
2012-03-16 Name : Ubuntu Update for lightdm USN-1262-1
File : nvt/gb_ubuntu_USN_1262_1.nasl

Nessus® Vulnerability Scanner

id Description
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2011-12.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-154.nasl - Type: ACT_GATHER_INFO
2011-11-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1262-1.nasl - Type: ACT_GATHER_INFO