2017-03-31 00:17:17 |
Tyler Hicks |
bug |
|
|
added bug |
2017-03-31 00:17:42 |
Tyler Hicks |
bug task added |
|
lightdm |
|
2017-03-31 00:17:49 |
Tyler Hicks |
lightdm: status |
New |
Confirmed |
|
2017-03-31 00:21:13 |
Tyler Hicks |
attachment added |
|
0001-Detect-existing-malicious-guest-user-home-dirs.patch https://bugs.launchpad.net/lightdm/+bug/1677924/+attachment/4850930/+files/0001-Detect-existing-malicious-guest-user-home-dirs.patch |
|
2017-03-31 01:46:06 |
Robert Ancell |
bug |
|
|
added subscriber Robert Ancell |
2017-03-31 01:53:58 |
Robert Ancell |
lightdm: importance |
Undecided |
Critical |
|
2017-03-31 01:54:00 |
Robert Ancell |
lightdm: status |
Confirmed |
Triaged |
|
2017-03-31 01:55:26 |
Robert Ancell |
nominated for series |
|
lightdm/1.18 |
|
2017-03-31 01:55:26 |
Robert Ancell |
bug task added |
|
lightdm/1.18 |
|
2017-03-31 01:55:26 |
Robert Ancell |
nominated for series |
|
lightdm/1.20 |
|
2017-03-31 01:55:26 |
Robert Ancell |
bug task added |
|
lightdm/1.20 |
|
2017-03-31 01:55:26 |
Robert Ancell |
nominated for series |
|
lightdm/1.22 |
|
2017-03-31 01:55:26 |
Robert Ancell |
bug task added |
|
lightdm/1.22 |
|
2017-03-31 01:55:33 |
Robert Ancell |
lightdm/1.18: status |
New |
Triaged |
|
2017-03-31 01:55:36 |
Robert Ancell |
lightdm/1.20: status |
New |
Triaged |
|
2017-03-31 01:55:37 |
Robert Ancell |
lightdm/1.22: status |
New |
Triaged |
|
2017-03-31 01:55:39 |
Robert Ancell |
lightdm/1.22: importance |
Undecided |
Critical |
|
2017-03-31 01:55:40 |
Robert Ancell |
lightdm/1.20: importance |
Undecided |
Critical |
|
2017-03-31 01:56:01 |
Robert Ancell |
lightdm/1.18: importance |
Undecided |
Critical |
|
2017-03-31 01:56:31 |
Robert Ancell |
nominated for series |
|
Ubuntu Zesty |
|
2017-03-31 01:56:31 |
Robert Ancell |
bug task added |
|
lightdm (Ubuntu Zesty) |
|
2017-03-31 01:56:31 |
Robert Ancell |
nominated for series |
|
Ubuntu Xenial |
|
2017-03-31 01:56:31 |
Robert Ancell |
bug task added |
|
lightdm (Ubuntu Xenial) |
|
2017-03-31 01:56:31 |
Robert Ancell |
nominated for series |
|
Ubuntu Yakkety |
|
2017-03-31 01:56:31 |
Robert Ancell |
bug task added |
|
lightdm (Ubuntu Yakkety) |
|
2017-03-31 01:57:21 |
Robert Ancell |
lightdm (Ubuntu Yakkety): status |
New |
Triaged |
|
2017-03-31 01:57:24 |
Robert Ancell |
lightdm (Ubuntu Zesty): status |
Confirmed |
Triaged |
|
2017-03-31 01:57:26 |
Robert Ancell |
lightdm (Ubuntu Xenial): status |
New |
Triaged |
|
2017-03-31 01:57:28 |
Robert Ancell |
lightdm (Ubuntu Yakkety): importance |
Undecided |
Critical |
|
2017-03-31 01:57:30 |
Robert Ancell |
lightdm (Ubuntu Xenial): importance |
Undecided |
Critical |
|
2017-03-31 02:06:19 |
Tyler Hicks |
cve linked |
|
2017-7358 |
|
2017-04-03 14:24:20 |
Tyler Hicks |
bug |
|
|
added subscriber Noam Rathaus |
2017-04-04 20:43:23 |
Tyler Hicks |
description |
Maor Schwartz discovered that a local attacker could watch for lightdm's
guest-account script to create a /tmp/guest-XXXXXX file and then quickly create
the lowercase representation of the guest user's home directory before lightdm
could. This allowed the attacker to have control of the guest user's home
directory and, subsequently, gain control of an arbitrary directory in the
filesystem which could lead to privilege escalation. |
It was discovered that a local attacker could watch for lightdm's
guest-account script to create a /tmp/guest-XXXXXX file and then quickly create
the lowercase representation of the guest user's home directory before lightdm
could. This allowed the attacker to have control of the guest user's home
directory and, subsequently, gain control of an arbitrary directory in the
filesystem which could lead to privilege escalation. |
|
2017-04-04 20:45:03 |
Tyler Hicks |
attachment removed |
0001-Detect-existing-malicious-guest-user-home-dirs.patch https://bugs.launchpad.net/lightdm/+bug/1677924/+attachment/4850930/+files/0001-Detect-existing-malicious-guest-user-home-dirs.patch |
|
|
2017-04-04 20:49:09 |
Tyler Hicks |
attachment added |
|
0001-Detect-existing-malicious-guest-user-home-dirs.patch https://bugs.launchpad.net/lightdm/+bug/1677924/+attachment/4854776/+files/0001-Detect-existing-malicious-guest-user-home-dirs.patch |
|
2017-04-04 21:02:50 |
Launchpad Janitor |
lightdm (Ubuntu Yakkety): status |
Triaged |
Fix Released |
|
2017-04-04 21:02:52 |
Launchpad Janitor |
lightdm (Ubuntu Xenial): status |
Triaged |
Fix Released |
|
2017-04-04 21:04:30 |
Tyler Hicks |
information type |
Private Security |
Public Security |
|
2017-04-04 21:04:47 |
Tyler Hicks |
lightdm (Ubuntu Xenial): assignee |
|
Tyler Hicks (tyhicks) |
|
2017-04-04 21:04:48 |
Tyler Hicks |
lightdm (Ubuntu Yakkety): assignee |
|
Tyler Hicks (tyhicks) |
|
2017-04-04 21:05:02 |
Tyler Hicks |
lightdm (Ubuntu Zesty): assignee |
|
Robert Ancell (robert-ancell) |
|
2017-04-04 21:24:48 |
Robert Ancell |
lightdm: status |
Triaged |
Fix Committed |
|
2017-04-04 21:24:53 |
Robert Ancell |
lightdm: status |
Fix Committed |
Fix Released |
|
2017-04-04 21:25:01 |
Launchpad Janitor |
branch linked |
|
lp:lightdm |
|
2017-04-04 21:26:26 |
Robert Ancell |
lightdm/1.22: status |
Triaged |
Fix Released |
|
2017-04-04 21:26:41 |
Launchpad Janitor |
branch linked |
|
lp:lightdm/1.22 |
|
2017-04-04 21:27:34 |
Robert Ancell |
lightdm/1.20: status |
Triaged |
Fix Released |
|
2017-04-04 21:27:43 |
Launchpad Janitor |
branch linked |
|
lp:lightdm/1.20 |
|
2017-04-04 21:28:41 |
Robert Ancell |
lightdm/1.18: status |
Triaged |
Fix Released |
|
2017-04-04 21:28:52 |
Launchpad Janitor |
branch linked |
|
lp:lightdm/1.18 |
|
2017-04-05 00:26:37 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
2017-04-05 13:04:40 |
Launchpad Janitor |
lightdm (Ubuntu Zesty): status |
Triaged |
Fix Released |
|
2017-08-18 11:39:04 |
sudodus |
bug |
|
|
added subscriber sudodus |