Comment 15 for bug 1677924
Revision history for this message
| Noam Rathaus (noamr) wrote Re: [Bug 1677924] Re: Local privilege escalation via guest user login | #15 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
Sorry for being ignorant about this, but I don't know where to look
I looked at Bugzilla for Kernel.org and it doesn't show there
Where should I look?
On Sun, Apr 22, 2018 at 2:24 PM, Oliver Grawert <email address hidden> wrote:
> This security fix seems to have caused some fallout ... see bug 1733557
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> Local privilege escalation via guest user login
>
> Status in Light Display Manager:
> Fix Released
> Status in Light Display Manager 1.18 series:
> Fix Released
> Status in Light Display Manager 1.20 series:
> Fix Released
> Status in Light Display Manager 1.22 series:
> Fix Released
> Status in lightdm package in Ubuntu:
> Fix Released
> Status in lightdm source package in Xenial:
> Fix Released
> Status in lightdm source package in Yakkety:
> Fix Released
> Status in lightdm source package in Zesty:
> Fix Released
>
> Bug description:
> It was discovered that a local attacker could watch for lightdm's
> guest-account script to create a /tmp/guest-XXXXXX file and then quickly create
> the lowercase representation of the guest user's home directory before lightdm
> could. This allowed the attacker to have control of the guest user's home
> directory and, subsequently, gain control of an arbitrary directory in the
> filesystem which could lead to privilege escalation.
>
> To manage notifications about this bug go to:
> https:/
--
Thanks,
Noam Rathaus
Beyond Security
PGP Key ID: 7EF920D3C045D63F (Exp 2019-03)