CVE-2017-7358

Published: 04 April 2017

In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.

Priority

High

CVSS 3 base score: 7.3

Status

Package: lightdm (Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Needed
Ubuntu 16.04 ESM (Xenial Xerus)    Released (1.18.3-0ubuntu1.1)
Ubuntu 14.04 ESM (Trusty Tahr)     Does not exist (trusty was not-affected)

Notes

Author: tyhicks
Note: This issue was reported to us by Beyond Security but they did not discover the issue. The discoverer is unknown.
