Vulnerability Description
LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.
CVSS Score
1.9
LOW
AV:L/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Robert Ancell | Lightdm | <= 1.0.5 |
Related Weaknesses (CWE)
References
- http://lists.freedesktop.org/archives/lightdm/2011-November/000178.html
- http://www.openwall.com/lists/oss-security/2011/11/02/10
- http://www.openwall.com/lists/oss-security/2011/11/02/6
- http://www.openwall.com/lists/oss-security/2011/11/02/9
- http://www.ubuntu.com/usn/USN-1262-1
- http://lists.freedesktop.org/archives/lightdm/2011-November/000178.html
- http://www.openwall.com/lists/oss-security/2011/11/02/10
- http://www.openwall.com/lists/oss-security/2011/11/02/6
- http://www.openwall.com/lists/oss-security/2011/11/02/9
- http://www.ubuntu.com/usn/USN-1262-1
FAQ
What is CVE-2011-4105?
CVE-2011-4105 is a vulnerability with a CVSS score of 1.9 (LOW). LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.
How severe is CVE-2011-4105?
CVE-2011-4105 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4105?
Check the references section above for vendor advisories and patch information. Affected products include: Robert Ancell Lightdm.