Vulnerability Description
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lightdm Project | Lightdm | <= 1.22.0 |
| Canonical | Ubuntu Linux | 16.04 |
Related Weaknesses (CWE)
References
- http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/2478Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/97486Third Party AdvisoryVDB Entry
- https://launchpad.net/bugs/1677924Third Party AdvisoryVDB Entry
- https://lists.freedesktop.org/archives/lightdm/2017-April/001059.htmlThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/41923/
- https://www.ubuntu.com/usn/usn-3255-1/Third Party Advisory
- http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/2478Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/97486Third Party AdvisoryVDB Entry
- https://launchpad.net/bugs/1677924Third Party AdvisoryVDB Entry
- https://lists.freedesktop.org/archives/lightdm/2017-April/001059.htmlThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/41923/
- https://www.ubuntu.com/usn/usn-3255-1/Third Party Advisory
FAQ
What is CVE-2017-7358?
CVE-2017-7358 is a vulnerability with a CVSS score of 7.3 (HIGH). In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user l...
How severe is CVE-2017-7358?
CVE-2017-7358 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7358?
Check the references section above for vendor advisories and patch information. Affected products include: Lightdm Project Lightdm, Canonical Ubuntu Linux.