PT-2013-5026 · Canonical · Lightdm

Marc Deslauriers

Published

2013-11-23

Updated

2013-11-25

CVE-2013-4459

CVSS v2.0

3.3

Low

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions LightDM versions 1.7.5 through 1.8.3 LightDM versions 1.9.x before 1.9.2

Description The issue allows local users to bypass intended restrictions by leveraging the Guest account, as the AppArmor profile is not applied to it.

Recommendations For versions 1.7.5 through 1.8.3, update to a version that applies the AppArmor profile to the Guest account. For versions 1.9.x before 1.9.2, update to version 1.9.2 or later to ensure the AppArmor profile is applied to the Guest account.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2013-4459

Affected Products

Lightdm

PT-2013-5026 · Canonical · Lightdm

CVE-2013-4459

Weakness Enumeration

Related Identifiers

Affected Products

References · 5