CVE-2011-3153 — LOW (1.9) — White Hats Nepal

Q: What is CVE-2011-3153?

CVE-2011-3153 is a vulnerability with a CVSS score of 1.9 (LOW). dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.

Q: How severe is CVE-2011-3153?

CVE-2011-3153 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-3153?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Robert Ancell Lightdm.

Vulnerability Description

dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.

CVSS Score

1.9

LOW

AV:L/AC:M/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Canonical	Ubuntu Linux	11.10
Robert Ancell	Lightdm	<= 1.1.0

Related Weaknesses (CWE)

CWE-59

References

http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1299
http://www.ubuntu.com/usn/USN-1262-1
https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/883865
http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1299
http://www.ubuntu.com/usn/USN-1262-1
https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/883865

FAQ

What is CVE-2011-3153?

CVE-2011-3153 is a vulnerability with a CVSS score of 1.9 (LOW). dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.

How severe is CVE-2011-3153?

CVE-2011-3153 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-3153?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Robert Ancell Lightdm.