This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Robert Ancell
Product : Lightdm
Version :
Type : Application
First view : 2012-02-17
Last view : 2014-10-27
Update :
Edition :
Language :
Software Edition :
Target Software :
Target Hardware :
Other :

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:robert_ancell:lightdm:1.0.4:*:*:*:*:*:*:* 4
cpe:2.3:a:robert_ancell:lightdm:1.0.2:*:*:*:*:*:*:* 4
cpe:2.3:a:robert_ancell:lightdm:1.0.0:*:*:*:*:*:*:* 4
cpe:2.3:a:robert_ancell:lightdm:1.0.1:*:*:*:*:*:*:* 4
cpe:2.3:a:robert_ancell:lightdm:1.0.3:*:*:*:*:*:*:* 4
cpe:2.3:a:robert_ancell:lightdm:1.0.5:*:*:*:*:*:*:* 4
cpe:2.3:a:robert_ancell:lightdm:0.3.1:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.2.0:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.1.1:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.9.5:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.9.4:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.9.3:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.9.2:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.3.0:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.2.3:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.2.2:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.2.1:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.4.4:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.4.2:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.3.4:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.3.2:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.1.2:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.1.0:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:1.1.0:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.0.4:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.9.8:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.9.6:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.9.1:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.4.1:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.4.0:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.3.6:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.3.5:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.0.3:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.0.2:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.0.1:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.9.7:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.9.0:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.4.3:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:0.3.3:*:*:*:*:*:*:* 3
cpe:2.3:a:robert_ancell:lightdm:1.7.11:*:*:*:*:*:*:* 2
cpe:2.3:a:robert_ancell:lightdm:1.7.10:*:*:*:*:*:*:* 2
cpe:2.3:a:robert_ancell:lightdm:1.7.12:*:*:*:*:*:*:* 2
cpe:2.3:a:robert_ancell:lightdm:1.7.6:*:*:*:*:*:*:* 2
cpe:2.3:a:robert_ancell:lightdm:1.7.13:*:*:*:*:*:*:* 2
cpe:2.3:a:robert_ancell:lightdm:1.7.8:*:*:*:*:*:*:* 2
cpe:2.3:a:robert_ancell:lightdm:1.0.11:*:*:*:*:*:*:* 2
cpe:2.3:a:robert_ancell:lightdm:1.0.10:*:*:*:*:*:*:* 2
cpe:2.3:a:robert_ancell:lightdm:1.0.8:*:*:*:*:*:*:* 2
cpe:2.3:a:robert_ancell:lightdm:1.7.9:*:*:*:*:*:*:* 2
cpe:2.3:a:robert_ancell:lightdm:1.0.6:*:*:*:*:*:*:* 2

Related : CVE

  Date Alert Description
4.6 2014-10-27 CVE-2012-1111

lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact.

2.1 2014-05-22 CVE-2012-0943

debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue.

1.9 2014-03-06 CVE-2011-3153

dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.

2.1 2014-02-01 CVE-2013-4331

Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file.

3.3 2013-11-23 CVE-2013-4459

LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.

1.9 2012-02-17 CVE-2011-4105

LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.

CWE : Common Weakness Enumeration

% id Name
50% (3) CWE-264 Permissions, Privileges, and Access Controls
33% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
16% (1) CWE-200 Information Exposure

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:14892 USN-1262-1 -- Light Display Manager vulnerabilities
oval:org.mitre.oval:def:18933 USN-2012-1 -- lightdm vulnerability
oval:org.mitre.oval:def:18878 USN-1950-1 -- lightdm vulnerability
oval:org.mitre.oval:def:15427 USN-1399-2 -- Light Display Manager vulnerability
oval:org.mitre.oval:def:15279 USN-1399-1 -- gdm-guest-session vulnerability

Open Source Vulnerability Database (OSVDB)

id Description
77176 LightDM ~/.dmrc File Handling Local Symlink Arbitrary File Access
76835 LightDM src/xsession.c xsession_setup() Function /.Xauthority File Symlink Ow...

OpenVAS Exploits

id Description
2012-03-16 Name : Ubuntu Update for lightdm USN-1262-1
File : nvt/gb_ubuntu_USN_1262_1.nasl
2012-03-16 Name : Ubuntu Update for gdm-guest-session USN-1399-1
File : nvt/gb_ubuntu_USN_1399_1.nasl
2012-03-16 Name : Ubuntu Update for lightdm USN-1399-2
File : nvt/gb_ubuntu_USN_1399_2.nasl

Nessus® Vulnerability Scanner

id Description
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2011-12.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-154.nasl - Type: ACT_GATHER_INFO
2013-11-07 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2012-1.nasl - Type: ACT_GATHER_INFO
2013-09-13 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1950-1.nasl - Type: ACT_GATHER_INFO
2012-03-14 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1399-1.nasl - Type: ACT_GATHER_INFO
2012-03-14 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1399-2.nasl - Type: ACT_GATHER_INFO
2011-11-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1262-1.nasl - Type: ACT_GATHER_INFO