Vulnerability Description
The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | LTSP Display Manager | 2.2.4 |
| Canonical | Ubuntu Linux | 11.04 |
Related Weaknesses (CWE)
References
- http://irclogs.ltsp.org/?d=2012-03-12
- http://www.ubuntu.com/usn/USN-1398-1
- https://bugs.launchpad.net/ubuntu/%2Bsource/ldm/%2Bbug/953340
FAQ
What is CVE-2012-1166?
CVE-2012-1166 is a vulnerability with a CVSS score of 10.0 (HIGH). The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.
How severe is CVE-2012-1166?
CVE-2012-1166 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-1166?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical LTSP Display Manager, Canonical Ubuntu Linux.