Vulnerability Description
daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora | 22 |
| Sddm Project | Sddm | <= 0.12.0 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171443.h (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2015/10/14/2 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/77099 (Third Party Advisory, VDB Entry)
- https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86 (Vendor Advisory)
- https://github.com/sddm/sddm/wiki/0.13.0-Release-Announcement (Vendor Advisory)
FAQ
What is CVE-2015-0856?
CVE-2015-0856 is a vulnerability with a CVSS score of 4.6 (MEDIUM). daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated b...
How severe is CVE-2015-0856?
CVE-2015-0856 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-0856?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Sddm Project Sddm.