Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-10369

unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Related bugs and status

CVE-2016-10369 (Candidate) is related to these bugs:

Bug #1690416: [CVE] socket can be blocked by another user

		In	Importance	Status
1690416	[CVE] socket can be blocked by another user	lxterminal (Ubuntu)	Undecided	Fix Released
1690416	[CVE] socket can be blocked by another user	lxterminal (Ubuntu Artful)	Undecided	Fix Released
1690416	[CVE] socket can be blocked by another user	lxterminal (Ubuntu Zesty)	Undecided	Fix Released
1690416	[CVE] socket can be blocked by another user	lxterminal (Ubuntu Trusty)	Undecided	Fix Released
1690416	[CVE] socket can be blocked by another user	lxterminal (Ubuntu Xenial)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.debian.or...
MISC: https://git.lxde.org/g...
MISC: https://unix.stackexch...