CVE-2013-4331
Published: 12 September 2013
Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file.
Notes
Author | Note |
---|---|
mdeslaur | couldn't reproduce on quantal |
Priority
Status
Package | Release | Status |
---|---|---|
lightdm Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
(1.2.3-0ubuntu2.3)
|
|
quantal |
Not vulnerable
(1.4.0-0ubuntu2)
|
|
raring |
Released
(1.6.0-0ubuntu3.1)
|
|
upstream |
Released
(1.4.3,1.6.2,1.7.14)
|
|
Patches: upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1571 upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1576 upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1577 upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1641 upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1652 upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1653 upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1675 upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1780 upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1781 |