Vulnerability Description
LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.
CVSS Score
3.3
LOW
AV:L/AC:M/Au:N/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Robert Ancell | Lightdm | 1.7.5 |
| Canonical | Ubuntu Linux | 13.10 |
Related Weaknesses (CWE)
References
- http://lists.freedesktop.org/archives/lightdm/2013-October/000471.html
- http://lists.freedesktop.org/archives/lightdm/2013-October/000472.html
- http://www.ubuntu.com/usn/USN-2012-1
- https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/1243339Exploit
- http://lists.freedesktop.org/archives/lightdm/2013-October/000471.html
- http://lists.freedesktop.org/archives/lightdm/2013-October/000472.html
- http://www.ubuntu.com/usn/USN-2012-1
- https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/1243339Exploit
FAQ
What is CVE-2013-4459?
CVE-2013-4459 is a vulnerability with a CVSS score of 3.3 (LOW). LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.
How severe is CVE-2013-4459?
CVE-2013-4459 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4459?
Check the references section above for vendor advisories and patch information. Affected products include: Robert Ancell Lightdm, Canonical Ubuntu Linux.