group.of.nepali.translators team mailing list archive

[Launchpad Bug Tracker <1677924@xxxxxxxxxxxxxxxxxx>]

This bug was fixed in the package lightdm - 1.22.0-0ubuntu2

---------------
lightdm (1.22.0-0ubuntu2) zesty; urgency=medium

  * SECURITY UPDATE: Directory traversal allowing arbitrary directory
    ownership and privilege escalation (LP: #1677924)
    - debian/guest-account.sh: Detect existing malicious guest user home dirs
      before proceeding with guest user creation
    - CVE-2017-7358

 -- Robert Ancell <robert.ancell@xxxxxxxxxxxxx>  Wed, 05 Apr 2017
10:34:32 +1200

** Changed in: lightdm (Ubuntu Zesty)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1677924

Title:
  Local privilege escalation via guest user login

Status in Light Display Manager:
  Fix Released
Status in Light Display Manager 1.18 series:
  Fix Released
Status in Light Display Manager 1.20 series:
  Fix Released
Status in Light Display Manager 1.22 series:
  Fix Released
Status in lightdm package in Ubuntu:
  Fix Released
Status in lightdm source package in Xenial:
  Fix Released
Status in lightdm source package in Yakkety:
  Fix Released
Status in lightdm source package in Zesty:
  Fix Released

Bug description:
  It was discovered that a local attacker could watch for lightdm's
  guest-account script to create a /tmp/guest-XXXXXX file and then quickly create
  the lowercase representation of the guest user's home directory before lightdm
  could. This allowed the attacker to have control of the guest user's home
  directory and, subsequently, gain control of an arbitrary directory in the
  filesystem which could lead to privilege escalation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1677924/+subscriptions