CVE-2012-1166

Published: 12 March 2012

The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.

Notes

Author	Note
mdeslaur	2.2.x and up

Priority

Status

Package	Release	Status
ldm Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Not vulnerable
	maverick	Not vulnerable
	natty	Released (2:2.2.1-0ubuntu1.1)
	oneiric	Released (2:2.2.4-0ubuntu1.1)
	upstream	Released (2.2.7)

References

https://ubuntu.com/security/notices/USN-1398-1
https://www.cve.org/CVERecord?id=CVE-2012-1166
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/953340

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›