group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1677924] Re: Local privilege escalation via guest user login

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Robert Ancell <robert.ancell@xxxxxxxxxxxxx>
Date: Tue, 04 Apr 2017 21:28:41 -0000
Reply-to: Bug 1677924 <1677924@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: lightdm/1.18
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1677924

Title:
  Local privilege escalation via guest user login

Status in Light Display Manager:
  Fix Released
Status in Light Display Manager 1.18 series:
  Fix Released
Status in Light Display Manager 1.20 series:
  Fix Released
Status in Light Display Manager 1.22 series:
  Fix Released
Status in lightdm package in Ubuntu:
  Triaged
Status in lightdm source package in Xenial:
  Fix Released
Status in lightdm source package in Yakkety:
  Fix Released
Status in lightdm source package in Zesty:
  Triaged

Bug description:
  It was discovered that a local attacker could watch for lightdm's
  guest-account script to create a /tmp/guest-XXXXXX file and then quickly create
  the lowercase representation of the guest user's home directory before lightdm
  could. This allowed the attacker to have control of the guest user's home
  directory and, subsequently, gain control of an arbitrary directory in the
  filesystem which could lead to privilege escalation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1677924/+subscriptions