CVE 2013-4459
LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.
Related bugs and status
CVE-2013-4459 (Candidate) is related to these bugs:
Bug #1242939: Greeter shows "LightDM" user due to XDG_SESSION_CLASS not being provided to logind or ConsoleKit
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1242939 | Greeter shows "LightDM" user due to XDG_SESSION_CLASS not being provided to logind or ConsoleKit | Light Display Manager | High | Fix Released | ||
| 1242939 | Greeter shows "LightDM" user due to XDG_SESSION_CLASS not being provided to logind or ConsoleKit | lightdm (Ubuntu) | High | Fix Released | ||
| 1242939 | Greeter shows "LightDM" user due to XDG_SESSION_CLASS not being provided to logind or ConsoleKit | lightdm (Ubuntu Saucy) | High | Fix Released | ||
| 1242939 | Greeter shows "LightDM" user due to XDG_SESSION_CLASS not being provided to logind or ConsoleKit | lightdm (Ubuntu Trusty) | High | Fix Released | ||
| 1242939 | Greeter shows "LightDM" user due to XDG_SESSION_CLASS not being provided to logind or ConsoleKit | Light Display Manager 1.8 | High | Fix Released | ||
| 1242939 | Greeter shows "LightDM" user due to XDG_SESSION_CLASS not being provided to logind or ConsoleKit | Light Display Manager 1.9 | High | Fix Released | ||
Bug #1243339: lightdm no longer runs guest session through wrapper
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1243339 | lightdm no longer runs guest session through wrapper | lightdm (Ubuntu) | High | Fix Released | ||
| 1243339 | lightdm no longer runs guest session through wrapper | Light Display Manager | High | Fix Released | ||
| 1243339 | lightdm no longer runs guest session through wrapper | lightdm (Ubuntu Saucy) | High | Fix Released | ||
| 1243339 | lightdm no longer runs guest session through wrapper | lightdm (Ubuntu Trusty) | High | Fix Released | ||
| 1243339 | lightdm no longer runs guest session through wrapper | Light Display Manager 1.8 | High | Fix Released | ||
| 1243339 | lightdm no longer runs guest session through wrapper | Light Display Manager 1.9 | High | Fix Released | ||
Bug #1245295: Greeter indicates session is logged into after logout
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1245295 | Greeter indicates session is logged into after logout | lightdm (Ubuntu) | High | Fix Released | ||
| 1245295 | Greeter indicates session is logged into after logout | Light Display Manager | High | Fix Released | ||
| 1245295 | Greeter indicates session is logged into after logout | lightdm (Ubuntu Saucy) | Medium | Fix Released | ||
| 1245295 | Greeter indicates session is logged into after logout | lightdm (Ubuntu Trusty) | High | Fix Released | ||
| 1245295 | Greeter indicates session is logged into after logout | Light Display Manager 1.8 | Undecided | Fix Released | ||
| 1245295 | Greeter indicates session is logged into after logout | Light Display Manager 1.9 | Undecided | Fix Released | ||
Bug #1245957: session-setup-script doesn't know the username
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1245957 | session-setup-script doesn't know the username | lightdm (Ubuntu) | High | Fix Released | ||
| 1245957 | session-setup-script doesn't know the username | lightdm (Ubuntu Saucy) | High | Fix Released | ||
| 1245957 | session-setup-script doesn't know the username | lightdm (Ubuntu Trusty) | High | Fix Released | ||
| 1245957 | session-setup-script doesn't know the username | Light Display Manager | High | Fix Released | ||
| 1245957 | session-setup-script doesn't know the username | Light Display Manager 1.8 | High | Fix Released | ||
| 1245957 | session-setup-script doesn't know the username | Light Display Manager 1.9 | High | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
