CVE-2012-1166

Name of the Vulnerable Software and Affected Versions LTSP Display Manager (ldm) versions 2.2.x before 2.2.7

Description The issue allows remote attackers to execute arbitrary commands via the KP RETURN keybinding, which launches a terminal window. This occurs due to the default keybindings for wwm in LTSP Display Manager.

Recommendations For versions 2.2.x before 2.2.7, update to version 2.2.7 or later to resolve the issue. As a temporary workaround, consider disabling the KP RETURN keybinding to prevent the launch of a terminal window until a patch is available.